Bugtraq mailing list archives

Re: Advisory: Unchecked system(blaat $var blaat) call in Bugzilla 2.8

From: Todd.Miller () COURTESAN COM (Todd C. Miller)
Date: Thu, 11 May 2000 00:40:05 -0600


Would it not be simpler (and safer) to just call system() with
a list instead of a scalar and thus prevent perl from ever invoking
a shell?

Ie, instead of:
    system("./processmail $id $::FORM{'who'}");
Use:
    system("./processmail", $id, $::FORM{'who'});

 - todd

Current thread:

BindView Security Advisory: jolt2 - Remote DoS against NT, W2K, 9x, (continued)
- - - BindView Security Advisory: jolt2 - Remote DoS against NT, W2K, 9x BindView Security Advisory (May 19)
    - Bugtraq Stats for the last 3 years available now. Alfred Huger (May 17)
  - KNapster Vulnerability Compromises User-readable Files Tom Daniels (May 10)
  - Gnapster Vulnerability Compromises User-readable Files Jim Early (May 10)
  - Possible symlink problems with Netscape 4.73 foo (May 10)
  - SSH Authentication Vulnerability John P. McNeely (May 10)
    - Re: [cert] SSH Authentication Vulnerability Ignacio Kadel-Garcia (May 11)
  - Black Watch Labs Vulnerability Alert Black Watch Labs (May 10)
    - issues with free Perl CGI's (Re: Black Watch Labs...) Peter W (May 10)
  - Advisory: Unchecked system(blaat $var blaat) call in Bugzilla 2.8 Frank van Vliet (May 10)
    - Re: Advisory: Unchecked system(blaat $var blaat) call in Bugzilla 2.8 Todd C. Miller (May 10)
- NetStructure 7110 console backdoor Brian Oblivion (May 09)
- NetStructure 7180 remote backdoor vulnerability Brian Oblivion (May 09)
- FreeBSD Security Advisory: FreeBSD-SA-00:16.golddig FreeBSD Security Officer (May 09)
- FreeBSD Security Advisory: FreeBSD-SA-00:17.libmytinfo FreeBSD Security Officer (May 09)
- FreeBSD Security Advisory: FreeBSD-SA-00:18.gnapster FreeBSD Security Officer (May 09)
- Self-Replication Using Gnutella Seth McGann (May 09)
- ALERT: Bypassing Warnings For Invalid SSL Certificates In Netscape Navigator Mitja Kolsek (May 10)