XP is just a number | |
PerlMonks |
Re^4: TIMTOWDTDI, obfu and analyzis of code (<> broken)by tye (Sage) |
on Mar 12, 2003 at 23:30 UTC ( [id://242535]=note: print w/replies, xml ) | Need Help?? |
To "fix" this would fix more existing code than it would break existing code. In fact, this sounds like something that should be in a CERT advisory not something to be kept for backward compatability. The amount of code that intends to take advantage of this behavior is tiny. The amount of code at risk because of this behavior is huge. My choice would be to require to get the current (hopefully soon to be "old") behavior rather than sane behavior. And tainting isn't much of a solution. It is very easy to see situations where privileged users run a not-tainted script that looks up filenames from directories where less-privileged users can create files. For any reasonable program, this is a safe thing to do and so is not something people worry about or use "tainting" to protect against. - tye
In Section
Meditations
|
|