[6265] in bugtraq
Re: Perl bugs (was Re: another /tmp race: `perl -e')
daemon@ATHENA.MIT.EDU (Chip Salzenberg)
Mon Mar 9 13:46:37 1998
Date: Sun, 8 Mar 1998 11:58:39 -0500
Reply-To: chip@pobox.com
From: Chip Salzenberg <chip@ATLANTIC.NET>
X-To: Theo de Raadt <deraadt@CVS.OPENBSD.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199803080206.TAA19726@cvs.openbsd.org>; from Theo de Raadt on
Sat, Mar 07, 1998 at 07:06:25PM -0700
According to Theo de Raadt:
> This PERL problem was fixed by me in OpenBSD in early _1997_. The
> patch I made to perl 5.003 was commited with the following log entry:
> revision 1.2
> date: 1997/01/23 04:31:36; author: deraadt; state: Exp; lines: +9 -5
> perl mktemp race; fix mailed to larry
> Note that I sent Larry mail about the problem, but this did not result
> in a fix shipping in 5.004_04. Bad Larry! What other perl security
> problems have not gotten fixed?
Well, Larry isn't involved in active Perl coding these days.
The people on the hot seat at the moment are:
for 5.004_xx: Tim Bunce <Tim.Bunce@ig.co.uk>
for 5.005: Malcolm Beattie <mbeattie@sable.ox.ac.uk>
BTW, any perl bugs should be sent to perlbug@perl.{org,com}. Perhaps
yours was, I don't mean to imply otherwise; mistakes do happen.
I'll forward the patch to them, so they can decide what to do with it.
--
Chip Salzenberg - a.k.a. - <chip@pobox.com>
"I brought the atom bomb. I think it's a good time to use it." //MST3K
