[13153] in bugtraq
Re: majordomo local exploit
daemon@ATHENA.MIT.EDU (Chip Salzenberg)
Thu Dec 30 14:50:15 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <19991229233914.K758@perlsupport.com>
Date: Wed, 29 Dec 1999 23:39:14 -0800
Reply-To: Chip Salzenberg <chip@VALINUX.COM>
From: Chip Salzenberg <chip@VALINUX.COM>
X-To: Henrik Edlund <henrik@EDLUND.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.20.9912291615411.6601-100000@corellia.edlund.org>;
from henrik@EDLUND.ORG on Wed, Dec 29, 1999 at 04:20:38PM +0100
According to Henrik Edlund:
> There is no need, I believe, to use the sysopen function as someone
> else suggested earlier.
But sysopen() is a simpler approach that eliminates all such concerns,
and adds robustness. Simply prepending "< " is not enough to work in
the presence of, say, filenames that begin with whitespace.
PS: I added sysopen() to Perl 5.4. :-)
--
Chip Salzenberg - a.k.a. - <chip@valinux.com>
"Fleagal. Bingo. Drooper. Snork. They're cops." //MST3K
