[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [groff] [PATCH] Avoid Perl's unsafe "<>" operator
From: |
Colin Watson |
Subject: |
Re: [groff] [PATCH] Avoid Perl's unsafe "<>" operator |
Date: |
Thu, 28 Feb 2019 19:42:45 +0000 |
User-agent: |
NeoMutt/20170113 (1.7.2) |
On Thu, Jan 24, 2019 at 02:34:35PM +0000, Colin Watson wrote:
> The "<>" operator is implemented using the two-argument form of "open",
> which interprets magic such as pipe characters, allowing execution of
> arbitrary commands which is unlikely to be expected. Perl >= 5.22 has a
> "<<>>" operator which avoids this, but also forbids the use of "-" to
> mean the standard input, which is a facility that the affected groff
> programs document.
[...]
Has anyone had a chance to review this patch (also in
https://savannah.gnu.org/bugs/?55557, after Deri's suggestion)? Should
I just go ahead and commit it?
I'm going to upload this patch to Debian unstable shortly in the cause
of getting release-critical bug fixes in ahead of our upcoming full
freeze, but it would be better to get it into upstream as well.
Thanks,
--
Colin Watson address@hidden
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- Re: [groff] [PATCH] Avoid Perl's unsafe "<>" operator,
Colin Watson <=