perl-modperl mailing list archives

From Perrin Harkins <phark...@gmail.com>
Subject Re: capture exception
Date Tue, 30 May 2017 14:51:55 GMT
https://www.effectiveperlprogramming.com/2011/03/know-the-different-evals/

On Tue, May 30, 2017 at 10:49 AM, Dirk-Willem van Gulik <dirkx@webweaving.org> wrote:

>
> On 30 May 2017, at 16:43, John Dunlap <john@lariat.co> wrote:
>
> How is it a security hole?
>
> ….
>
> > my $ret = eval { $m->...() };
>
>
> Just imagine $m->…() returning something containing a valid Perl
> expression such as "`rm -rf /`;", system("rm -rf /"); or something that
> wires up a shell to a TCP socket.
>
> Dw.
>
>
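
The two forms of eval that the linked article distinguishes, side by side, as an added example that is not part of either message in this thread. The names `untrusted_method`, `call_with_block_eval`, `call_with_string_eval` and `capture_exception` are hypothetical, and the returned string is constructed so that its execution only sets a flag.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for $m->...(): returns attacker-influenced text that
# happens to be valid Perl. It only sets a flag, so execution is observable
# and harmless.
our $executed = 0;
sub untrusted_method { return '$main::executed = 1; "payload ran"' }

# Block eval: the block is compiled once, together with the rest of the
# program. It traps exceptions; the value returned is ordinary data and is
# never parsed as code.
sub call_with_block_eval {
    my $ret = eval { untrusted_method() };
    return $ret;
}

# String eval: the string is compiled and run at runtime. Passing it
# untrusted data is the code-injection risk.
sub call_with_string_eval {
    my $code = untrusted_method();
    my $ret  = eval $code;    ## no critic (ProhibitStringyEval)
    return $ret;
}

# Block eval used for its actual purpose: capturing an exception.
sub capture_exception {
    my $ok = eval { die "backend unavailable\n"; 1 };
    return $ok ? undef : $@;
}

my $ret = call_with_block_eval();
printf "block eval : returned=%s executed=%d\n", $ret, $executed;

$ret = call_with_string_eval();
printf "string eval: returned=%s executed=%d\n", $ret, $executed;

printf "captured   : %s", capture_exception();
```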
