[Pdx-pm] [csieh at fnal.gov: Re: Horribly Broken RHEL5/SL5 Perl]
Daniel Johnson
teknotus at gmail.com
Tue Aug 26 11:12:39 PDT 2008
> The next important step is to always invoke perl with:
> #!/usr/bin/env perl
> Do not use:
> #!/usr/bin/perl

The /usr/bin/env trick has significant security considerations.
Consider a CGI example:

http://example.com/cgi/submit.pl?PATH=/tmp

which would run whatever is called perl in the temp directory instead
of calling the real perl to compile and run the CGI script.
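
An added example, not part of the original post: `env` runs the first `perl` it finds on the PATH the process inherits, so this sketch shows which file a `#!/usr/bin/env perl` script would execute under a given PATH and flags entries that are relative or world-writable. The function names `resolve_interp` and `risky_entries` are hypothetical.

```shell
#!/bin/sh
# Added example: which file would "#!/usr/bin/env perl" execute for a given
# PATH, and which PATH entries could another local user plant a file in?

# resolve_interp NAME PATHVALUE: print the first executable NAME on PATHVALUE.
resolve_interp() {
    name=$1; rest="$2:"
    while [ -n "$rest" ]; do
        dir=${rest%%:*}; rest=${rest#*:}
        [ -z "$dir" ] && dir=.            # empty entry means current directory
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
            return 0
        fi
    done
    return 1
}

# risky_entries PATHVALUE: list entries that are relative or world-writable.
risky_entries() {
    rest="$1:"
    while [ -n "$rest" ]; do
        dir=${rest%%:*}; rest=${rest#*:}
        case $dir in
            /*) ;;                        # absolute: check permissions below
            *)  printf 'relative: %s\n' "${dir:-.}"; continue ;;
        esac
        [ -d "$dir" ] || continue
        # Character 9 of the ls mode string is the "other" write bit.
        if [ "$(ls -ld -- "$dir" | cut -c9)" = w ]; then
            printf 'world-writable: %s\n' "$dir"
        fi
    done
    return 0
}

# Report for the PATH this shell inherited.
resolve_interp perl "$PATH" || echo "no perl found on PATH"
risky_entries "$PATH"
```

Run it under the same account and environment the web server uses for CGI to see what that process would resolve.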