NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.
All the Perl that's Practical to Extract and Report
use Perl Log In
gabor (1626)
gabor
(email not shown publicly)
http://szabgab.com/
Perl developer and trainer [szabgab.com]
Test automation using Perl [szabgab.com]
(email not shown publicly)
http://szabgab.com/
Perl developer and trainer [szabgab.com]
Test automation using Perl [szabgab.com]
Friday October 29, 2004
01:57 AM
Paranoia
Do these security people have a clue ?
I just received this alert from Google: Perl Multiple Scripts Insecure Temporary File Creation
Following the link you'll find they claim there are some security issues in Perl and one should upgrade to 5.8.5.
Then looking at the original reports (linked from the above page) you'll see they reported some vulnerability in various scripts written in Perl and one should upgrade.
They don't say what should they upgrade and to which version though...
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Or is it a BUG?"
"Let's call it an accidental feature. :-)"
--Larry Wall in <6909@jpl-devvax.JPL.NASA.GOV>
Stories, comments, journals, and other submissions on use Perl; are Copyright 1998-2006, their respective owners.
Second-hand security (Score:1)
If you look closely at the advisory, it states that it's original source is a Trustix [trustix.org] advisory. If you read the original it states that some of scripts contained in the Trustix packages handle temporary files in an insecure fashion, and this is the reason for the recommended upgrade. So the original wasn't a problem with Perl, but instead a problem with some particular scripts bundled with Perl (and ghostscript, glibc, groff, and many more).
Unfortunately, this is a clear case of security-advisory Chin
Re:Second-hand security (Score:1)
The bad news is that *almost* no one will bother to do so... So Perl will get the blame, true or not