perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk-Willem van Gulik <di...@webweaving.org>
Subject Re: capture exception
Date Tue, 30 May 2017 14:49:28 GMT

> On 30 May 2017, at 16:43, John Dunlap <john@lariat.co> wrote:
> 
> How is it a security hole?
….
> > my $ret = eval { $m->...() };

Just imagine $m->…() returning something containing a valid perl expression such as "
`rm -rf /‘; “, system(“rm -rf /“);  or something that wires up a shell to a TCP socket.

Dw.


Mime
View raw message