[Pdx-pm] [csieh at fnal.gov: Re: Horribly Broken RHEL5/SL5 Perl]

Daniel Johnson teknotus at gmail.com
Tue Aug 26 11:12:39 PDT 2008


> The next important step is to always invoke perl with:
> #!/usr/bin/env perl
> Do not use:
> #!/usr/bin/perl

The /usr/bin/env trick has significant security considerations.
Consider a CGI example.

http://example.com/cgi/submit.pl?PATH=/tmp

This would run whatever is called perl in the temp directory instead
of calling the real perl to compile and run the CGI script.
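
The PATH dependence of `#!/usr/bin/env perl` discussed in this thread can be audited on a host. The following is an added example, not part of the original post: a shell function (the name `audit_env_lookup` and its RISK/HIT/MISS output format are made up here) that walks a PATH value in the order env searches it and flags every directory consulted before the interpreter is found that is relative, empty, or writable by group or others.

```shell
#!/bin/sh
# audit_env_lookup NAME PATHVALUE   (hypothetical helper, added example)
# Exit status: 0 = every directory searched is absolute and not writable
#                  by group or others
#              1 = a directory searched before or at the hit is risky
#              2 = NAME was not found in PATHVALUE
audit_env_lookup() {
    name=$1
    rest="$2:"          # trailing ':' lets the loop consume the last entry
    risky=0
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        rest=${rest#*:}
        case $dir in
            /*) ;;
            *)  # an empty or relative entry resolves against the working directory
                echo "RISK  '${dir:-<empty>}' is relative to the working directory"
                risky=1
                dir=${dir:-.} ;;
        esac
        # find -prune tests only the directory itself, without descending
        if [ -d "$dir" ] &&
           [ -n "$(find "$dir" -prune \( -perm -0002 -o -perm -0020 \) -print)" ]; then
            echo "RISK  $dir is writable by group or others"
            risky=1
        fi
        # the first executable match wins, so later entries are never consulted
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            echo "HIT   $dir/$name"
            return "$risky"
        fi
    done
    echo "MISS  $name not found"
    return 2
}

# Audit the lookup that "#!/usr/bin/env perl" would perform with the current PATH.
audit_env_lookup perl "$PATH" || echo "(status $?: see the lines above)"
```

Run it as the account the script executes under (for CGI, the web server's user), since that process's PATH is the one env consults.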

