From katama2-ml at osk.toppan.co.jp Thu Jul 3 07:15:17 2003 From: katama2-ml at osk.toppan.co.jp (=?ISO-2022-JP?B?GyRCSlI+PhsoQiAbJEJNNDtKGyhC?=) Date: Thu Aug 5 00:05:13 2004 Subject: [kansaipm] FindBin Message-ID: <20030703205953.66F7.KATAMA2-ML@osk.toppan.co.jp> ????? ?? ???? lib ???????????? ??????????????????????? #!/usr/bin/perl -wT use strict; use FindBin; use lib,$FindBin::Bin; ? Insecure dependency in chdir while running with -T switch at C:/Perl58/lib/Cwd.pm line 419. BEGIN failed--compilation aborted at C:/Perl58/lib/FindBin.pm line 180. Compilation failed in require at C:\Documents and Settings\katama2\??????\testFindBin.pl line 3. BEGIN failed--compilation aborted at C:\Documents and Settings\katama2\??????\testFindBin.pl line 3. ?????????? ??????????????????????????? ?????????secure?????????????????? ??????????????????????? #!/usr/bin/perl -wT use strict; package hoge; BEGIN{ our $thisScriptPath = __FILE__; $thisScriptPath =~ s!\/[^/]+?$!!; } use lib $hoge::thisScriptPath; require 'fuga.pl'; package main; ? ---------1---------2---------3---------4---------5---------6---------7 ?? ?? # ?????signature????????????????????????(^_^;;; From nakajima at netstock.co.jp Fri Jul 4 22:24:01 2003 From: nakajima at netstock.co.jp (Yasushi Nakajima) Date: Thu Aug 5 00:05:13 2004 Subject: [kansaipm] FindBin In-Reply-To: <20030703205953.66F7.KATAMA2-ML@osk.toppan.co.jp> References: <20030703205953.66F7.KATAMA2-ML@osk.toppan.co.jp> Message-ID: <20030705113940.45B3.NAKAJIMA@netstock.co.jp> ??????????????XPDFJ?????????????? ??> #!/usr/bin/perl -wT ??> use strict; ??> use FindBin; ??> use lib,$FindBin::Bin; ??> ? ??> ??> Insecure dependency in chdir while running with -T switch at C:/Perl58/lib/Cwd.pm line 419. ????????Unix??????????Windows???????????? Cwd.pm?????abs_path()????????????????????? Windows????????????chdir?????????????????? ?????????????FindBin.pm?????abs_path()???????? ?????$0??????????????????????$0??????? ???????????????chdir()????????????????? ????????????????????????? ??> ??????????????????????? ??> #!/usr/bin/perl -wT ??> use strict; ??> package hoge; ??> BEGIN{ ??> our $thisScriptPath = __FILE__; ??> $thisScriptPath =~ s!\/[^/]+?$!!; ??> } ??> use lib $hoge::thisScriptPath; ??????$thisScriptPath???????????????????????? ????????????????????????????use?require?? ?????????????????????????use lib??????? ??File::Spec->rel2abs()????????????File::Spec::Win32?? Cwd????chdir()??????????????????????????? use File::Spec; BEGIN { my(undef, $p) = File::Spec->splitpath(File::Spec->rel2abs($0)); use lib $p; } ?????5.005???File::Spec::Win32????????????????? ?????????Win32.pm?????????????????? *** win32.pm.org Sat Jul 5 12:12:22 2003 --- win32.pm Sat Jul 5 12:12:42 2003 *************** *** 360,370 **** if ( ! $self->file_name_is_absolute( $path ) ) { # Figure out the effective $base and clean it up. ! if ( ! $self->file_name_is_absolute( $base ) ) { ! $base = $self->rel2abs( $base ) ; ! } ! elsif ( !defined( $base ) || $base eq '' ) { $base = cwd() ; } else { $base = $self->canonpath( $base ) ; --- 360,370 ---- if ( ! $self->file_name_is_absolute( $path ) ) { # Figure out the effective $base and clean it up. ! if ( !defined( $base ) || $base eq '' ) { $base = cwd() ; + } + elsif ( ! $self->file_name_is_absolute( $base ) ) { + $base = $self->rel2abs( $base ) ; } else { $base = $self->canonpath( $base ) ; ??????????????????????????$0????????? ????????$p = __FILE__; ??????$p????????????? ?????__FILE__??????????????????????????? ?????????????????$0?__FILE__????????OS??perl ????????????????????????????????? -- Yasushi Nakajima From iwai at alib.jp Sun Jul 6 03:24:16 2003 From: iwai at alib.jp (IWAI, Masaharu) Date: Thu Aug 5 00:05:13 2004 Subject: [kansaipm] blosxom =?ISO-2022-JP?B?GyRCJHI7biQ3JEYkXyReJDckPxsoQg==?= Message-ID: <20030706172416.0895fbc7.iwai@alib.jp> ????? blosxom ????????????????????? writeback ????????????????????? patch ???? ?????????????????? # patches ? # http://iwai.alib.jp/blosxom/index.cgi?c=v;p=%A5%D7%A5%E9%A5%B0%A5%A4%A5%F3%A5%EA%A5%B9%A5%C8 # ?????????? MT ??????????Kansai.pm ??????????? ?????????????????blosxom ??????? # ?????????????????????????????? # ??????????????????????????????? # ????????????????? -- ??? From katama2-ml at osk.toppan.co.jp Tue Jul 8 04:56:40 2003 From: katama2-ml at osk.toppan.co.jp (=?ISO-2022-JP?B?GyRCSlI+PhsoQiAbJEJNNDtKGyhC?=) Date: Thu Aug 5 00:05:13 2004 Subject: [kansaipm] Re: FindBin In-Reply-To: <20030705113940.45B3.NAKAJIMA@netstock.co.jp> References: <20030703205953.66F7.KATAMA2-ML@osk.toppan.co.jp> <20030705113940.45B3.NAKAJIMA@netstock.co.jp> Message-ID: <20030708171612.F791.KATAMA2-ML@osk.toppan.co.jp> ????? ?? ?????? > ??????????????XPDFJ?????????????? ?????????????????? ?????? > ????????Unix??????????Windows???????????? use lib ??? require(or use) ?????Unix??????? $ perl -wTe ' use strict; use FindBin; use lib "$FindBin::Bin"; require "a"; ' Insecure dependency in require while running with -T switch at -e line 5. ?????? > ??????$thisScriptPath???????????????????????? > ????????????????????????????use?require?? > ?????????????????????????use lib??????? > ??File::Spec->rel2abs()????????????File::Spec::Win32?? > Cwd????chdir()??????????????????????????? ??????????????????????? $0 ? ??????????????????? require????????????????????????????? ????????????????????????????? # ???__FILE__???????? ## ?????FindBin?$0??????????? ## FindBin???????????????? ??????????? $ perl -wTe ' use strict; use File::Spec; print File::Spec->rel2abs("../test.pl"); ' /export/home/katama2/../test.pl ?????? /export/home/test.pl ????????????? ???????..???????/??????? absolute path ???????? ---------1---------2---------3---------4---------5---------6---------7 ?? ?? From nakajima at netstock.co.jp Tue Jul 8 08:36:16 2003 From: nakajima at netstock.co.jp (Yasushi Nakajima) Date: Thu Aug 5 00:05:13 2004 Subject: [kansaipm] Re: FindBin In-Reply-To: <20030708171612.F791.KATAMA2-ML@osk.toppan.co.jp> References: <20030705113940.45B3.NAKAJIMA@netstock.co.jp> <20030708171612.F791.KATAMA2-ML@osk.toppan.co.jp> Message-ID: <20030708220505.DAF0.NAKAJIMA@netstock.co.jp> ??> $0 ? ??????????????????? ??> require????????????????????????????? ??> ????????????????????????????? ??> # ???__FILE__???????? ?????? ??> /export/home/katama2/../test.pl ??> ?????? ??> /export/home/test.pl ??> ????????????? ??> ???????..???????/??????? absolute path ???????? ???????Yes???..??????????????????????? ????????????????????????? ?File::Spec->canonpath()?????????/??????./??????? ????????..??????????????????..???????? ???????????????????????????????????? ???????????????????????? while ( $path =~ s![^/]+/\.\.(/|$)!! ) {} ????????????? -- Yasushi Nakajima From katama2-ml at osk.toppan.co.jp Tue Jul 8 09:26:22 2003 From: katama2-ml at osk.toppan.co.jp (=?ISO-2022-JP?B?GyRCSlI+PhsoQiAbJEJNNDtKGyhC?=) Date: Thu Aug 5 00:05:13 2004 Subject: [kansaipm] Re: FindBin In-Reply-To: <20030708220505.DAF0.NAKAJIMA@netstock.co.jp> References: <20030708171612.F791.KATAMA2-ML@osk.toppan.co.jp> <20030708220505.DAF0.NAKAJIMA@netstock.co.jp> Message-ID: <20030708232315.F79B.KATAMA2-ML@osk.toppan.co.jp> ????? ?? ?????? > ?File::Spec->canonpath()?????????/??????./??????? > ????????..??????????????????..???????? > ???????????????????????????????????? > ???????? ????????????? ??????????? ---------1---------2---------3---------4---------5---------6---------7 ?? ?? From iwai at alib.jp Wed Jul 16 17:03:50 2003 From: iwai at alib.jp (IWAI, Masaharu) Date: Thu Aug 5 00:05:13 2004 Subject: [kansaipm] CPAN =?ISO-2022-JP?B?GyRCJCwlKiVsJXMlOCRLGyhCIQ==?= Message-ID: <20030717070350.29ee3452.iwai@alib.jp> ????? perldocjp ????????????????CPAN ????????????? http://search.cpan.org/ ??????????????????? http://search.cpan.org/orange.html ??????? http://www.freeml.com/message/perldocjp@freeml.com/0000626 use Perl; ???????????????????? http://use.perl.org/articles/03/07/14/1313244.shtml?tid=32 ??????????? http://www.freeml.com/message/perldocjp@freeml.com/0000628 -- ??? From iwai at alib.jp Tue Jul 22 02:11:35 2003 From: iwai at alib.jp (IWAI, Masaharu) Date: Thu Aug 5 00:05:14 2004 Subject: [kansaipm] CGI.pm vulnerable to Cross-site Scripting Message-ID: <20030722161135.1c803ac2.iwai@alib.jp> ????? CGI.pm ? XSS ?????????? # Bugtraq ?????????????? http://eyeonsecurity.org/advisories/CGI.pm/adv.html ????? start_form ??????????? ???2.94 ????????? # Perl 5.8.0 ?????????????? -- ??? From nakajima at netstock.co.jp Tue Jul 22 03:14:43 2003 From: nakajima at netstock.co.jp (Yasushi Nakajima) Date: Thu Aug 5 00:05:14 2004 Subject: [kansaipm] CPAN =?ISO-2022-JP?B?GyRCJCwlKiVsJXMlOCRLGyhCIQ==?= In-Reply-To: <20030717070350.29ee3452.iwai@alib.jp> References: <20030717070350.29ee3452.iwai@alib.jp> Message-ID: <20030722171229.8E84.NAKAJIMA@netstock.co.jp> IWAI,> perldocjp ????????????????CPAN ????????????? IWAI,> http://search.cpan.org/ ???????????????????????????????????? ???????????????????????(^^)????????? -- Yasushi Nakajima From nakajima at netstock.co.jp Tue Jul 22 03:20:31 2003 From: nakajima at netstock.co.jp (Yasushi Nakajima) Date: Thu Aug 5 00:05:14 2004 Subject: [kansaipm] CGI.pm vulnerable to Cross-site Scripting In-Reply-To: <20030722161135.1c803ac2.iwai@alib.jp> References: <20030722161135.1c803ac2.iwai@alib.jp> Message-ID: <20030722171617.8E87.NAKAJIMA@netstock.co.jp> IWAI,> CGI.pm ? XSS ?????????? IWAI,> # Bugtraq ?????????????? IWAI,> IWAI,> http://eyeonsecurity.org/advisories/CGI.pm/adv.html IWAI,> ????? start_form ??????????? ?Perl5.8?CGI.pm??????????????????????????? ??????????????????????????????????? -- Yasushi Nakajima From iwai at alib.jp Tue Jul 22 04:25:33 2003 From: iwai at alib.jp (IWAI, Masaharu) Date: Thu Aug 5 00:05:14 2004 Subject: [kansaipm] CPAN =?ISO-2022-JP?B?GyRCJCwlKiVsJXMlOCRLGyhCIQ==?= In-Reply-To: <20030722171229.8E84.NAKAJIMA@netstock.co.jp> References: <20030717070350.29ee3452.iwai@alib.jp> <20030722171229.8E84.NAKAJIMA@netstock.co.jp> Message-ID: <20030722182533.2ffc3aa8.iwai@alib.jp> ????? On Tue, 22 Jul 2003 17:14:43 +0900 Subject: Re: [kansaipm] CPAN ??????! Message-Id: <20030722171229.8E84.NAKAJIMA@netstock.co.jp> Yasushi Nakajima wrote: > ???????????????????????????????????? > ???????????????????????(^^)????????? ??????????????????????? ?????????????????????? 1,2 ?????? ????????????????????????????:-) -- ??? From iwai at alib.jp Tue Jul 22 04:27:46 2003 From: iwai at alib.jp (IWAI, Masaharu) Date: Thu Aug 5 00:05:14 2004 Subject: [kansaipm] CGI.pm vulnerable to Cross-site Scripting In-Reply-To: <20030722171617.8E87.NAKAJIMA@netstock.co.jp> References: <20030722161135.1c803ac2.iwai@alib.jp> <20030722171617.8E87.NAKAJIMA@netstock.co.jp> Message-ID: <20030722182746.6be4c0e5.iwai@alib.jp> ????? On Tue, 22 Jul 2003 17:20:31 +0900 Subject: Re: [kansaipm] CGI.pm vulnerable to Cross-site Scripting Message-Id: <20030722171617.8E87.NAKAJIMA@netstock.co.jp> Yasushi Nakajima wrote: > ?Perl5.8?CGI.pm??????????????????????????? > ??????????????????????????????????? ??HTML ????????????????????????? # HTML::Template ????????? -- ??? From iwai at alib.jp Thu Jul 24 15:05:05 2003 From: iwai at alib.jp (IWAI, Masaharu) Date: Thu Aug 5 00:05:14 2004 Subject: [kansaipm] =?ISO-2022-JP?B?GyRCJVclbSU4JSclLyVIQzs/LhsoQjo=?= Kansai.pm =?ISO-2022-JP?B?GyRCPDlJLjxUSmc9OBsoQg==?= Message-ID: <20030725050505.052cede2.iwai@alib.jp> ????? ??? BSD Magazine ? Perl Mongers ?? Kansai.pm ???????????? ??? 8/4 ??? -- ???