There have been various threads on this issue over the past few days. This one probably contains the most meat and least flaming muck. Opinions are currently divided between this being the end of the world and it not being a big deal at all :-).

There is a bug in perl which can be used to compromise a machine if a script uses format strings incorrectly. This is a serious bug, and if you suspect a script of yours may be vulnerable you should check. Work is underway to fix this in perl itself, and the webmin script which exposed this hole has already been fixed (which does not help other vulnerable scripts, of course). Taint checking will not help with this, but common sense on the part of the programmer will.

Oh, and if your java buddies give you a hard time over this ask them to make a comparative list of the number of serious Java and Perl vulnerabilities over the last year. I suspect you won't hear back from them ;-).


Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it. -- Brian W. Kernighan
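As an added illustration (not part of tirwhan's post or the thread), the format-string misuse the post refers to beside its corrected form, plus a rough review aid for spotting the pattern in your own scripts; `format_unsafe`, `format_safe` and `suspicious_format_calls` are names assumed here, and the inputs are constructed:

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed input: looks like a username but carries printf directives.
my $untrusted = 'guest %s %s %d';

# VULNERABLE pattern: untrusted data becomes the format string itself,
# so every '%' directive in it is interpreted by sprintf.
sub format_unsafe {
    my ($input) = @_;
    return sprintf($input);        # the misuse the thread is about
}

# SAFE pattern: the format string is a literal; user data is only an argument.
sub format_safe {
    my ($input) = @_;
    return sprintf("%s", $input);  # or simply "$input"
}

# Review aid: flag lines where the first sprintf/printf argument is a
# variable rather than a literal. Assumed heuristic, not a full Perl parser
# (it will also flag "printf $fh ..." filehandle calls, which need a look anyway).
sub suspicious_format_calls {
    my ($source) = @_;
    my @hits;
    my $line = 0;
    for (split /\n/, $source) {
        $line++;
        push @hits, $line if /\bs?printf\s*\(?\s*\$/;
    }
    return @hits;
}

# Under 'use warnings', the unsafe call emits "Missing argument in sprintf";
# that string in your error logs is a useful indicator of this pattern.
local $SIG{__WARN__} = sub { print "warning: $_[0]" };
print "unsafe: ", format_unsafe($untrusted), "\n";   # directives were interpreted
print "safe:   ", format_safe($untrusted), "\n";     # input passed through verbatim

# Constructed source snippet: line 1 is the bad pattern, line 2 is fine.
my $sample = "my \$x = sprintf(\$name);\nmy \$y = sprintf('%s', \$name);\n";
print "suspicious sprintf on line(s): @{[ suspicious_format_calls($sample) ]}\n";
```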

In reply to Re: New Perl Vulnerability? by tirwhan
in thread New Perl Vulnerability? by wolfger
