PerlMonks
BTW, who runs one-liners as root? (I'd consider that a bug)
It's not just one-liners, and it's not just root. Any script that doesn't untaint ARGV is vulnerable. Partly, that vulnerability is incidental, given that once someone has broken into an account it is a lot easier for them to do damage directly, rather than wasting time attacking some Perl script. Very few Perl books talk about ARGV being a vulnerability. Or if they do, it's in passing in one part of the book, with examples in other parts ignoring the hazard.
In reply to Re: Re: Dangerous diamonds!
by dws
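An added example, not part of the original post: one way to read the files named in @ARGV without the bare diamond operator, which opens each argument with two-argument open semantics so that characters in an argument can change what gets opened. The helper name `each_line` is hypothetical; on Perl 5.22 and later, `while (<<>>)` gives the same three-argument behaviour directly.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Call $handler->($line, $name) for every line of every named input.
# Each name is opened with three-argument open, so it is only ever treated
# as a file name, never as an open mode or a command.
sub each_line {
    my ($handler, @names) = @_;
    @names = ('-') unless @names;          # same default as <>: read STDIN
    my $lines = 0;
    for my $name (@names) {
        my $fh;
        if ($name eq '-') {
            $fh = \*STDIN;                 # keep the conventional meaning of "-"
        }
        elsif (!open($fh, '<', $name)) {
            warn "cannot open '$name': $!\n";
            next;
        }
        while (my $line = <$fh>) {
            $handler->($line, $name);
            $lines++;
        }
        close $fh unless $name eq '-';
    }
    return $lines;
}

# Usage: print every input line prefixed with the file it came from.
each_line(sub { my ($line, $name) = @_; print "$name: $line" }, @ARGV);
```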