Subject: Re: Advisory: Unchecked system(blaat $var blaat) call in Bugzilla 2.8
From: Todd C. Miller (Todd.Miller COURTESAN.COM)
Date: Thu May 11 2000 - 01:40:05 CDT
- In reply to: Frank van Vliet: "Advisory: Unchecked system(blaat $var blaat) call in Bugzilla 2.8"
- Reply: Todd C. Miller: "Re: Advisory: Unchecked system(blaat $var blaat) call in Bugzilla 2.8"
Would it not be simpler (and safer) to just call system() with
a list instead of a scalar and thus prevent perl from ever invoking
a shell?
I.e., instead of:
    system("./processmail $id $::FORM{'who'}");
Use:
    system("./processmail", $id, $::FORM{'who'});
- todd
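
Added example (not part of the original message or of Bugzilla's code): a runnable Perl comparison of the scalar and list calls above, assuming a Unix-like system with /bin/sh. A child perl that prints its arguments stands in for ./processmail, and the values of $id and $who are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

$| = 1;    # flush our output before each child runs so the order is readable

# Constructed stand-ins for the CGI values; the metacharacter payload is a
# harmless echo so that shell parsing becomes visible in the output.
my $id  = 42;
my $who = 'alice@example.com; echo SHELL-PARSED-THIS';

# Stand-in for ./processmail (assumption): a child perl that prints its argv.
my $perl   = $^X;
my $script = 'print "  argv[$_] = <$ARGV[$_]>\n" for 0 .. $#ARGV';

# Scalar form: the string contains shell metacharacters, so perl hands the
# whole line to /bin/sh -c and the shell splits it at the ';'.
# The child sees only "alice@example.com"; the echo runs as a second command.
print "scalar form:\n";
system("$perl -e '$script' $id $who") == 0
    or warn "child exited with status $?\n";

# List form (more than one element): perl executes the program directly and
# each element becomes exactly one argument, metacharacters included.
my @cmd = ($perl, '-e', $script, $id, $who);
print "list form:\n";
system(@cmd) == 0
    or warn "child exited with status $?\n";

# A one-element list is treated like the scalar form. The block form below
# never uses a shell, whatever the length of @cmd.
print "block form:\n";
system { $cmd[0] } @cmd;
$? == 0 or warn "child exited with status $?\n";

# Removing the shell does not validate the value: it still reaches the
# program as an argument, so a value starting with '-' may be read as an
# option. Check untrusted input against an allow-list before the call.
```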