Re: perl-cgi hole in UltimateBB by Infopop Corp.
"Sergei A. Golubchik" wrote:
>
> The fix is obvious. But the rule of thumb is "do not use magic perl
> open". At least in cgi scripts. If you want to open a regular file,
> sysopen does the trick as well.
Isn't open(FH, "< $variable") sufficient to stop any embedded |'s, etc
from doing anything harmful, as well?
- Bill
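
An added example, not code from either poster or from UltimateBB: it compares the two forms named in this thread, two-argument open with an explicit "<" prefix and sysopen, on constructed file names. It shows that the two-argument form still strips leading and trailing whitespace from the name, while sysopen hands the name to the operating system unchanged. The helper names and sample files are hypothetical, and a Unix-like filesystem is assumed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_RDONLY);
use File::Temp qw(tempdir);

# Constructed sample data: two files whose names differ only by a trailing
# space, plus one whose name ends in a pipe character.
my $dir = tempdir(CLEANUP => 1);
my %sample = (
    "notes.txt"  => "plain",
    "notes.txt " => "padded",
    "list|"      => "literal",
);
for my $name (keys %sample) {
    open(my $out, '>', "$dir/$name") or die "cannot create '$name': $!";
    print {$out} $sample{$name};
    close $out or die "cannot close '$name': $!";
}

# Two-argument open with an explicit "<" prefix, the form asked about above.
# Perl still parses the string: whitespace around the name is discarded.
sub read_two_arg {
    my ($path) = @_;
    open(my $fh, "< $path") or return "open failed: $!";
    local $/;                      # slurp the whole file
    my $data = <$fh>;
    close $fh;
    return $data;
}

# sysopen: the mode is a separate flag argument, so the path is never
# parsed for mode characters and reaches open(2) byte for byte.
sub read_sysopen {
    my ($path) = @_;
    sysopen(my $fh, $path, O_RDONLY) or return "open failed: $!";
    local $/;
    my $data = <$fh>;
    close $fh;
    return $data;
}

# Print what each form actually read for each requested name.
for my $name ("notes.txt", "notes.txt ", "list|") {
    printf "%-13s two-arg '<': %-8s sysopen: %s\n", "'$name'",
        read_two_arg("$dir/$name"), read_sysopen("$dir/$name");
}
```

Three-argument open, `open($fh, '<', $path)`, treats the path as literally as sysopen does and is the usual choice in current Perl.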