All the Perl that's Practical to Extract and Report

  • There is a change in the Apache logging API starting at 2.0.49 which escapes data written to the error logs. See this link on the mod_perl website. So there may be some concern for those running webmin as root. But in my experience, it's always preferable to run daemons as non-privileged users whenever possible.
  • After some communication, the description of the security notice on the Webmin site has been updated, but the incorrect title remains.
    qw(Ian Langworth)
  • More details at the Perl foundation weblog.
  • The title has been fixed, plus there's an announcement on the use Perl; main page.
    qw(Ian Langworth)
  • Let's see. Webmin uses Sys::Syslog, whose syslog function, unlike its C-library cousin, passes its arguments to sprintf, a Perl function that contains an integer overflow bug. sprintf also happily accepts tainted data.

    Yet you claim the fault lies entirely at the side of webmin.

    I disagree. Sure, webmin has a fault, but the results of the fault wouldn't be as damaging as they are now because of the overflow bug in sprintf.
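
Added example, not part of the thread and not Webmin's code: the difference between passing request data as the format argument of a syslog-style call and passing it as a `%s` argument. `log_fmt` is a hypothetical stand-in that, like `Sys::Syslog::syslog`, hands its format and arguments to `sprintf`; the login name and message text are constructed sample values.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-in for a logger that treats its second argument as a
# sprintf format, the way Sys::Syslog::syslog($priority, $format, @args)
# does. Lines are collected in memory so no syslog daemon is needed.
my @log;
sub log_fmt {
    my ($priority, $format, @args) = @_;
    no warnings;    # silence sprintf's missing-argument warnings for the demo
    push @log, "$priority: " . sprintf($format, @args);
}

# Escape '%' for the case where a caller cannot avoid building the format
# string from untrusted data.
sub escape_format {
    my ($text) = @_;
    $text =~ s/%/%%/g;
    return $text;
}

# Constructed sample input: a login name containing format directives.
my $user = 'admin%d%s';

# Weak: request data becomes part of the format string, so sprintf
# interprets the directives the client supplied.
log_fmt('info', "Invalid login as $user");

# Hardened: constant format, request data passed only as an argument.
log_fmt('info', 'Invalid login as %s', $user);

# Fallback: untrusted text escaped before it is placed in a format.
log_fmt('info', 'Invalid login as ' . escape_format($user));

print "$_\n" for @log;
```

Only the first call lets the directives in the login name reach `sprintf` as directives; the other two log the name literally.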