
Re: [groff] [PATCH] Avoid Perl's unsafe "<>" operator


From: Colin Watson
Subject: Re: [groff] [PATCH] Avoid Perl's unsafe "<>" operator
Date: Thu, 28 Feb 2019 19:42:45 +0000
User-agent: NeoMutt/20170113 (1.7.2)

On Thu, Jan 24, 2019 at 02:34:35PM +0000, Colin Watson wrote:
> The "<>" operator is implemented using the two-argument form of "open",
> which interprets magic such as pipe characters, allowing execution of
> arbitrary commands which is unlikely to be expected.  Perl >= 5.22 has a
> "<<>>" operator which avoids this, but also forbids the use of "-" to
> mean the standard input, which is a facility that the affected groff
> programs document.
[...]

Has anyone had a chance to review this patch (also in
https://savannah.gnu.org/bugs/?55557, after Deri's suggestion)?  Should
I just go ahead and commit it?

I'm going to upload this patch to Debian unstable shortly in the cause
of getting release-critical bug fixes in ahead of our upcoming full
freeze, but it would be better to get it into upstream as well.

Thanks,

-- 
Colin Watson                                       address@hidden
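
An added example, not part of the original message and not the code of the groff patch: one way to read inputs without "<>", keeping "-" as standard input while opening every other argument with three-argument "open" so the name is never interpreted as a mode or pipe. The helper name `for_each_input_line` and the line-counting usage are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not from the groff patch): call $callback on every
# line of every named input. "-" means standard input; any other argument
# is treated as a literal file name.
sub for_each_input_line {
    my ($callback, @files) = @_;

    # With no file arguments, read standard input, as "<>" does.
    @files = ('-') unless @files;

    my $errors = 0;
    for my $name (@files) {
        my $fh;
        if ($name eq '-') {
            $fh = \*STDIN;
        } elsif (!open($fh, '<', $name)) {
            # Three-argument open: the mode is fixed to read-only, so
            # characters such as "|", "<" or ">" in $name are just part
            # of the file name and the open fails if no such file exists.
            warn "$0: can't open '$name': $!\n";
            $errors++;
            next;
        }

        while (my $line = <$fh>) {
            $callback->($line, $name);
        }

        # Leave STDIN open so a later "-" or other reader can still use it.
        close($fh) unless $name eq '-';
    }
    return $errors;
}

# Constructed usage: count the lines of all inputs named on the command line.
my $count = 0;
my $errors = for_each_input_line(sub { $count++ }, @ARGV);
print "$count lines\n";
exit($errors ? 1 : 0);
```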


