Re^3: tf - tail a file and output separator line when inactive

in reply to Re^2: tf - tail a file and output separator line when inactive
in thread tf - tail a file and output separator line when inactive

My point is precisely that there's no way of running arbitrary code even when the regex isn't being checked or cleaned. Of course, the user running this will often be root so this is only an issue if the script is somehow made setuid. I only pointed it out to avoid the typical subthread about "Your usage of /$regex/ is insecure!".

--
David Serrano

Comment on Re^3: tf - tail a file and output separator line when inactive

Replies are listed 'Best First'.
Re^4: tf - tail a file and output separator line when inactive by ikegami (Patriarch) on Jul 18, 2006 at 17:51 UTC
Sorry, I had misunderstood. Had I understood your point, I would have said: Indeed, without `use re 'eval';`, regexps won't knowingly run Perl code in interpolated variables. However, it's still possible to write very expensive regepxs and (I think) to crash Perl. I don't know if a crash can be exploited to execute native code.	[reply] [d/l]

In Section Cool Uses for Perl