Bugtraq mailing list archives
Re: Perl bugs (was Re: another /tmp race: `perl -e')
From: chip () ATLANTIC NET (Chip Salzenberg)
Date: Sun, 8 Mar 1998 11:58:39 -0500
According to Theo de Raadt:
This PERL problem was fixed by me in OpenBSD in early _1997_. The patch I made to perl 5.003 was commited with the following log entry: revision 1.2 date: 1997/01/23 04:31:36; author: deraadt; state: Exp; lines: +9 -5 perl mktemp race; fix mailed to larry Note that I sent Larry mail about the problem, but this did not result in a fix shipping in 5.004_04. Bad Larry! What other perl security problems have not gotten fixed?
Well, Larry isn't involved in active Perl coding these days.
The people on the hot seat at the moment are:
for 5.004_xx: Tim Bunce <Tim.Bunce () ig co uk>
for 5.005: Malcolm Beattie <mbeattie () sable ox ac uk>
BTW, any perl bugs should be sent to perlbug@perl.{org,com}. Perhaps
yours was, I don't mean to imply otherwise; mistakes do happen.
I'll forward the patch to them, so they can decide what to do with it.
--
Chip Salzenberg - a.k.a. - <chip () pobox com>
"I brought the atom bomb. I think it's a good time to use it." //MST3K
Current thread:
- Re: another /tmp race: `perl -e' opens temp file not safely, (continued)
- Re: another /tmp race: `perl -e' opens temp file not safely stanislav shalunov (Mar 08)
- Re: another /tmp race: `perl -e' opens temp file not safely Theo de Raadt (Mar 08)
- Updated list of crypto and security courses Avi Rubin (Mar 09)
- *sigh* another RH5 /tmp problem Mark A. Spencer (Mar 09)
- Re: *sigh* another RH5 /tmp problem Erik Troan (Mar 10)
- Re: Linux libc5 'bug' in mkstemp(). Andreas Jaeger (Mar 10)
- Linux libc5 'bug' in mkstemp(). Greg Alexander (Mar 09)
- Re: Linux libc5 'bug' in mkstemp(). Casper Dik (Mar 10)
- Re: Plaintext passwords in Chase Online Banking dorqus maximus (Mar 08)