From 236736 at excite.com Sun May 4 08:38:06 2003 From: 236736 at excite.com (236736@excite.com) Date: Wed Aug 4 00:02:54 2004 Subject: Spam Remedy 236736 Message-ID: 1757030993@bigfoot.com An HTML attachment was scrubbed... URL: http://mail.pm.org/archives/melbourne-pm/attachments/20030504/1ab5d495/attachment.htm From pjf at perltraining.com.au Thu May 8 00:55:23 2003 From: pjf at perltraining.com.au (Paul Fenwick) Date: Wed Aug 4 00:02:54 2004 Subject: Interesting Perl bug I hit today Message-ID: <20030508055523.GE4980@mukc.org.au> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 G'day everyone, I discovered an interesting Perl bug involving setuid today, tested under 5.6.1. The result is that a setuid perl script cannot call itself witout some minor acrobatics. I put a brief write-up about this in my diary at , but I've reproduced it below for your reading pleasure. See you all at next week's meeting, Paul (From http://advogato.net/person/pjf/) Interesting Perl Bug To see an interesting bug which caused me many headaches, enter the following script, and mark it setuid. Then run it as any other user except the owner. #!/usr/bin/perl -wT $ENV{PATH} = ""; print "Hello World\n"; system($0,"1") unless @ARGV; The result is a delightful message about how your kernel has a setuid script bug which is rather dangerous and easy to exploit... except that you don't Perl is just getting confused because it looks like the interpretor has been started setuid before it's had a chance to do sanity checking and invoke suidperl. The result is the inability to have a setuid script invoke itself. Very bothersome. The solution is to drop setuid privileges before the script calls itself again. Conveniently enough, Perl allows us to localise $> (effective UID), so the following program does work as intended: #!/usr/bin/perl -wT $ENV{PATH} = ""; print "Hello World\n"; unless (@ARGV) {local $> = $<; system($0,"1");} Because of the use of local, setuid privileges are only dropped for the duration of the call to system. Of course, it's usually a good idea to drop setuid privileges as soon as possible, or only invoke them when you absolutely have to. - -- Paul Fenwick | http://perltraining.com.au/ Director of Training | Ph: +61 3 9354 6001 Perl Training Australia | Fax: +61 3 9354 2681 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE+ufFKx5N6j7FHnlURAnDIAJ9BEXBGw5Co1ZVjaTZXySdUKhPsEQCdHkuw FuO3U9IHak8/SH6vmmvf54k= =3LmC -----END PGP SIGNATURE----- From ajsavige at yahoo.com.au Thu May 8 02:34:08 2003 From: ajsavige at yahoo.com.au (=?iso-8859-1?q?Andrew=20Savige?=) Date: Wed Aug 4 00:02:54 2004 Subject: Interesting Perl bug I hit today In-Reply-To: <20030508055523.GE4980@mukc.org.au> Message-ID: <20030508073408.54660.qmail@web10902.mail.yahoo.com> Paul Fenwick wrote: > I discovered an interesting Perl bug involving setuid today, > tested under 5.6.1. I noticed this in Perl 5.8.0 perldelta: "After years of trying, suidperl is considered to be too complex to ever be considered truly secure. The suidperl functionality is likely to be removed in a future release." Not being a security expert, I'm confused. All the suidperl security warnings have scared me off and I have resorted to using the "C wrapper" technique described near the end of perlsec. Is there truly a safe alternative to the "C wrapper" technique? When I have asked this question before, people have told me to go use sudo, which is OK in-house, but unattractive if you want the script to run at hundreds of sites (which may not have sudo). /-\ http://mobile.yahoo.com.au - Yahoo! Mobile - Check & compose your email via SMS on your Telstra or Vodafone mobile. From ashlyncedeno at speedsurf.pacific.net.ph Thu May 8 08:35:51 2003 From: ashlyncedeno at speedsurf.pacific.net.ph (Ashlyn Cedeno) Date: Wed Aug 4 00:02:54 2004 Subject: Register me for FREE!!! Message-ID: <20030508132821.4DCB098CAC@mail3.panix.com> Hi, my name is Ashlyn Cedeno. I would like to share with you a unique internet buyer's club that enables you to get great discounts on everything you buy at over 200 online stores worldwide including Wal-Mart, Dell Computer, Disney & Staples! Membership is FREE and has many benefits! To get your FREE membership ID, send an email to ashcedeno@speedsurf.pacific.net.ph and put "REGISTER ME FOR FREE" in the subject and your full name in the body of your email. I will then register you into the system. You will receive a confirmation email asking you to verify. Open it up and activate your free membership immediately. Remember, there is no cost, no risk and no obligation to join. You have nothing to lose and possibly a lot to gain! Best Regards Ashlyn Cedeno ---------------------------------------------- If you would prefer not to receive messages from me in the future, please send an email to ashcedeno@speedsurf.pacific.net.ph with REMOVE in the subject line. Thanks. From "fql29g3p at ceana520" at juno.com Fri May 9 22:28:12 2003 From: "fql29g3p at ceana520" at juno.com (Robin Strong) Date: Wed Aug 4 00:02:54 2004 Subject: enhance your sex drive now ! fmmoj Message-ID: <1-5b-43p6$s1m@1bf.z0yaj9slh> An HTML attachment was scrubbed... URL: http://mail.pm.org/archives/melbourne-pm/attachments/20030510/e7b8513e/attachment.htm From scottp at dd.com.au Sun May 11 04:34:20 2003 From: scottp at dd.com.au (Scott Penrose) Date: Wed Aug 4 00:02:54 2004 Subject: Melbourne.pm Meeting - Wednesday 14th of May 2003 - "Beginners" and "A tour of ActiveState Perl & the PDK" Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Welcome to May Melbourne.pm We are continuing our excellent talks this month ! To start with we are running a new beginners section. Each month we will present the next section of Beginners Perl series that is primarily written as a bridge between people who already know one language. Following our main presentation will be covering perl used on Windows - development kit, compilation and debugging. Where: myinternet Level 8, myinternet House 14-20 Blackwood Street North Melbourne When: Wednesday the 14th of May 2003 - 6:30 pm Doors open from 6pm till 6:45pm Agenda: * Welcome to Melbourne.pm * What's new in Perl 5 * Beginners Talk - Introduction, Output and Expressions * 5 minute talk on new modules * Next hacking session * Main Talk: "A tour of ActiveState Perl & the PDK" Beginners Talk: Part 1, 2 + 3 - Introduction, Output and Expressions * Introduction * Basic Output (The "Hello World" program) * Expressions Main Talk: "A tour of ActiveState Perl & the PDK" by Graeme Cross This will be a whirlwind tour and demo of the Activestate (http://www.activestate.com/) Perl distribution for Windows and the Perl Development Kit, including: * the PPM packaging tool * perlapp, which builds standalone executables * their visual debugger * and a host of other tools for working with services, COM, MSI, the system tray, etc Scott - -- Scott Penrose Anthropomorphic Personification Expert http://search.cpan.org/search?author=SCOTT scott@cpan.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (Darwin) Comment: For info see http://www.gnupg.org iD8DBQE+vhkfDCFCcmAm26YRAp8vAJ434yv/zwpf5Wuo7vPJ+CnOFvUmGwCgouHD Lk5gfHH8h7+kcg0oeaxHIac= =IUI7 -----END PGP SIGNATURE----- From webdevelope1r at zipmail.com.br Sun May 18 10:18:05 2003 From: webdevelope1r at zipmail.com.br (AUMENTE SEU P蔔IS) Date: Wed Aug 4 00:02:54 2004 Subject: Faca do seu penis um P蔔IS Message-ID: <200305181513.h4IFDQt12164@mail.pm.org> Com o MANUAL mais cobi?ado da internet no momento, voc? aumenta o tamanho de seu p?nis de 2 a 5 cm em 2 meses com exerc?cios absolutamente naturais. Aumenta tamb?m a sua pot?ncia, controle e volume da ejacula??o, dentre outros benef?cios. Programa completo com figuras ilustrativas explicando detalhadamente todos os exerc?cios. Fotos comparativas no site de pessoas que experimentaram essa t?cnica. http://alavanca2003.tripod.com.br http://www.alavanca2003.impg.com.br _________________________________________________________ ___________ OBS: Esta mensagem n?o ? um spam, visto que somente estar? sendo enviado uma ?nica vez, e tamb?m cont?m uma forma de ser removida, ? um e-mail normal como tantos outros que voc? recebe, n?o estamos invadindo sua privacidade e enviar um e-mail n?o ? crime, desde que n?o contenha mensagens que possam causar danos ao usu?rio. Caso queria remover seu endere?o de nossa lista, basta enviar um e-mail com o titulo (assunto) remover, que seu e-mail ser? removido de nossa lista definitivamente.Desculpe-nos caso tenhamos lhe importunado com nosso e-mail de divulga??o. Obrigado! From gcross at alphalink.com.au Sun May 18 21:36:26 2003 From: gcross at alphalink.com.au (Graeme Cross) Date: Wed Aug 4 00:02:54 2004 Subject: Some URLs from last week's PM meeting Message-ID: <20030519023626.7EC8535690@www.fastmail.fm> As promised, here are some of the URLs that were mentioned at last week's meeting: a) The "Perl for Perl newbies" notes that Scott presented: http://vipe.technion.ac.il/~shlomif/lecture/Perl/Newbies/lecture1/ b) The Regex Coach - the GUI tool for experimenting with regexps (I mentioned this but forgot to demo it): http://weitz.de/regex-coach/ - Graeme -- Graeme Cross From 237030 at mail.com Mon May 19 12:18:06 2003 From: 237030 at mail.com (237030@mail.com) Date: Wed Aug 4 00:02:54 2004 Subject: protect your computer 237030 Message-ID: 1809808435@bigfoot.com An HTML attachment was scrubbed... URL: http://mail.pm.org/archives/melbourne-pm/attachments/20030519/5b58e438/attachment.htm From xtouch at tech-ex.com.cn Fri May 23 03:21:04 2003 From: xtouch at tech-ex.com.cn (xtouch@tech-ex.com.cn) Date: Wed Aug 4 00:02:54 2004 Subject: 给您给我一个机会，提成30% Message-ID: <20030523_082104_052779.xtouch@tech-ex.com.cn> An HTML attachment was scrubbed... URL: http://mail.pm.org/archives/melbourne-pm/attachments/20030523/5e2620bf/attachment.htm From bjdean at unimelb.edu.au Sat May 24 18:05:00 2003 From: bjdean at unimelb.edu.au (Bradley Dean) Date: Wed Aug 4 00:02:54 2004 Subject: "#!/usr/bin/env perl" and using multiple environments Message-ID: <20030525090500.A14046@unimelb.edu.au> Greetings folks, I've been considering the potential benefits of using some sort of self-rolled /usr/bin/env in project development when multiple environments are needed. For instance - if a projects development, testing and production environments use entirely separate module libraries, it would be nice not to have to hard code the appropriate 'use lib's. Now env soes have the ability to let you change specific environment variables, but if their are lots of changes that's going to lead to a messy #! at the start of each script. The alternative I'm considering is to have something like: - env-dev - env-test - env-prod Which essentially do the same thing as env, but with a (dev|test|prod) environment built. This way the #!'s become '#!/somepath/env-dev perl' for instance and al; should notionally be well (and there should be no need for any hard coding of specific 'modes' within the code itself) It also means that a general environment can be built up so the env-(dev|test|prod) can be used to construct all environments, not just the perl #!'s Anyone seen this sort of thing done, have any thoughts on the matter? Brad -- Melbourne University ITSAD SDI - Campus Wide Info Systems Group (CWIS) Email: bjdean@unimelb.edu.au Phone: +61-3-83443997 Mobile: +61-413014395 Australian Intervarsity Choral Societies Association - Secretary Email: secretary@aicsa.org.au Web: http://www.aicsa.org.au From wayland at smartchat.net.au Mon May 26 08:54:35 2003 From: wayland at smartchat.net.au (Timothy S. Nelson) Date: Wed Aug 4 00:02:54 2004 Subject: "#!/usr/bin/env perl" and using multiple environments In-Reply-To: <20030525090500.A14046@unimelb.edu.au> Message-ID: On Sun, 25 May 2003, Bradley Dean wrote: > Greetings folks, > > I've been considering the potential benefits of using some sort of > self-rolled /usr/bin/env in project development when multiple environments > are needed. > > For instance - if a projects development, testing and production > environments use entirely separate module libraries, it would be nice not > to have to hard code the appropriate 'use lib's. > > Now env soes have the ability to let you change specific environment > variables, but if their are lots of changes that's going to lead to a messy > #! at the start of each script. > > The alternative I'm considering is to have something like: > - env-dev > - env-test > - env-prod Hmm. You could also make one called "envconf", which pulls its configuration from a file, and then you just pass it a command line parameter, eg. envconf -e dev envconf -e test envconf -e prod That would cut down on the number of files littering your system, would make it easy to add extra environments, and would give the tool a greater general applicability than just your own project. Then there's less code duplication as well :). I don't see any reason why it wouldn't work, but neither am I a super-guru :). > Which essentially do the same thing as env, but with a (dev|test|prod) > environment built. > > This way the #!'s become '#!/somepath/env-dev perl' for instance and al; > should notionally be well (and there should be no need for any hard coding > of specific 'modes' within the code itself) > > It also means that a general environment can be built up so the > env-(dev|test|prod) can be used to construct all environments, not just the > perl #!'s > > Anyone seen this sort of thing done, have any thoughts on the matter? --------------------------------------------------------------------- | Name: Tim Nelson | Because the Creator is, | | E-mail: wayland@smartchat.net.au | I am | --------------------------------------------------------------------- ----BEGIN GEEK CODE BLOCK---- Version 3.12 GCS d+ s:- a- C++>++++$ U++ P++ L++ E- W+++ N+ w>--- V- Y+>++ PGP->++ R !tv b++ DI++++ D+ G e++>++++ h! y- -----END GEEK CODE BLOCK----- From scottp at dd.com.au Mon May 26 19:56:43 2003 From: scottp at dd.com.au (Scott Penrose) Date: Wed Aug 4 00:02:54 2004 Subject: "#!/usr/bin/env perl" and using multiple environments In-Reply-To: Message-ID: <1585FD72-8FDE-11D7-B941-003065B58CF8@dd.com.au> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday, May 26, 2003, at 23:54 Australia/Melbourne, Timothy S. Nelson wrote: > On Sun, 25 May 2003, Bradley Dean wrote: > >> Greetings folks, >> >> I've been considering the potential benefits of using some sort of >> self-rolled /usr/bin/env in project development when multiple >> environments >> are needed. >> >> For instance - if a projects development, testing and production >> environments use entirely separate module libraries, it would be nice >> not >> to have to hard code the appropriate 'use lib's. >> >> Now env soes have the ability to let you change specific environment >> variables, but if their are lots of changes that's going to lead to a >> messy >> #! at the start of each script. >> >> The alternative I'm considering is to have something like: >> - env-dev >> - env-test >> - env-prod > > Hmm. You could also make one called "envconf", which pulls its > configuration from a file, and then you just pass it a command line > parameter, > eg. > > envconf -e dev > envconf -e test > envconf -e prod > > That would cut down on the number of files littering your system, > would make it easy to add extra environments, and would give the tool a > greater general applicability than just your own project. Then > there's less > code duplication as well :). I don't see any reason why it wouldn't > work, but > neither am I a super-guru :). I agree about putting it in a file - eg: /etc/env.conf However, I would go for a file and / or symlink version. >> Which essentially do the same thing as env, but with a (dev|test|prod) >> environment built. >> >> This way the #!'s become '#!/somepath/env-dev perl' for instance and >> al; >> should notionally be well (and there should be no need for any hard >> coding >> of specific 'modes' within the code itself) The problem with this approach is you haven't really saved much. You still have to then change all your code from env-dev to env--production Instead if you do it in a config and/or symlinks to env Then your #! is just #!/usr/bin/env perl and you symlink /usr/bin/env to /usr/bin/env-dev on the dev box, and to something else on other boxes. Or you just have a file in /etc/env.conf which is the environment details, and just change that file. You could even have an environment variable (sounds recursvive, but not really). eg: ENV_CONF=/etc/env_beta.conf so that you can have multiple environments on the one box, and still only have one #! Scott >> It also means that a general environment can be built up so the >> env-(dev|test|prod) can be used to construct all environments, not >> just the >> perl #!'s >> >> Anyone seen this sort of thing done, have any thoughts on the matter? > > --------------------------------------------------------------------- > | Name: Tim Nelson | Because the Creator is, | > | E-mail: wayland@smartchat.net.au | I am | > --------------------------------------------------------------------- > > ----BEGIN GEEK CODE BLOCK---- > Version 3.12 > GCS d+ s:- a- C++>++++$ U++ P++ L++ E- W+++ N+ w>--- V- Y+>++ > PGP->++ R !tv b++ DI++++ D+ G e++>++++ h! y- > -----END GEEK CODE BLOCK----- > > > > > - -- Scott Penrose VP in charge of Pancakes http://linux.dd.com.au/ scottp@dd.com.au Dismaimer: If you receive this email in error - please eat it immediately to prevent it from falling into the wrong hands. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (Darwin) Comment: For info see http://www.gnupg.org iD8DBQE+0rfPDCFCcmAm26YRAnTiAKCfpXzXBKKLVXS9PEeVygDWo2vLWACaAoky 2cS+LnI2b3iZIA0gg8WZPac= =WM/T -----END PGP SIGNATURE----- From rickm at isite.net.au Mon May 26 21:13:10 2003 From: rickm at isite.net.au (Rick Measham) Date: Wed Aug 4 00:02:54 2004 Subject: Webhost in Melbourne Message-ID: I'm looking for a local web-host and I figured PMers might be able to help. Here's the requirements: 1. Linux/Unix based (not Windows!) 2. Apx 20MB Storage 3. Virtual Machine would be good otherwise: 4. Healthy attitude to adding new perl modules 5. PostGreSQL database access (with multiple databases) 6. Unlimited email accounts, with POP access, forwarding, SpamAssassin filtering etc. I'm currently getting all this from hub.org, but their servers are unreliable and are in Panama! Something local would be better (and faster) Cheers! Rick Measham -- -------------------------------------------------------- There are 10 kinds of people: those that understand binary, and those that don't. -------------------------------------------------------- The day Microsoft makes something that doesn't suck is the day they start selling vacuum cleaners -------------------------------------------------------- "Write a wise proverb and your name will live forever." -- Anonymous -------------------------------------------------------- From P.Suba at sachen-fuer-webmaster.de Fri May 30 18:40:36 2003 From: P.Suba at sachen-fuer-webmaster.de (Financial Service Group) Date: Wed Aug 4 00:02:54 2004 Subject: How the Banks make their money... 18161 Message-ID: <0000334c179d$00003d11$000029fd@mx2.cwidc.net> An HTML attachment was scrubbed... URL: http://mail.pm.org/archives/melbourne-pm/attachments/20030530/ff3ac809/attachment.htm From Phonecalls at pr-corinth.h.uunet.de Sat May 31 04:48:08 2003 From: Phonecalls at pr-corinth.h.uunet.de (TNG Services) Date: Wed Aug 4 00:02:54 2004 Subject: C:\Documents and Settings\Jon Gotti.GOTTI\Desktop\Client Folders\Life Insurance\Subjects 2.txt 6870 Message-ID: <000034047158$00007da7$00007f9d@personalmail.de.uu.net> An HTML attachment was scrubbed... URL: http://mail.pm.org/archives/melbourne-pm/attachments/20030530/b86229be/attachment.htm