Bugtraq mailing list archives
Re: Advisory: Unchecked system(blaat $var blaat) call in Bugzilla 2.8
From: Todd.Miller () COURTESAN COM (Todd C. Miller)
Date: Thu, 11 May 2000 00:40:05 -0600
Would it not be simpler (and safer) to just call system() with a list instead of a scalar and thus prevent perl from ever invoking a shell? Ie, instead of: system("./processmail $id $::FORM{'who'}"); Use: system("./processmail", $id, $::FORM{'who'}); - todd
Current thread:
- BindView Security Advisory: jolt2 - Remote DoS against NT, W2K, 9x, (continued)
- BindView Security Advisory: jolt2 - Remote DoS against NT, W2K, 9x BindView Security Advisory (May 19)
- Bugtraq Stats for the last 3 years available now. Alfred Huger (May 17)
- KNapster Vulnerability Compromises User-readable Files Tom Daniels (May 10)
- Gnapster Vulnerability Compromises User-readable Files Jim Early (May 10)
- Possible symlink problems with Netscape 4.73 foo (May 10)
- SSH Authentication Vulnerability John P. McNeely (May 10)
- Re: [cert] SSH Authentication Vulnerability Ignacio Kadel-Garcia (May 11)
- Black Watch Labs Vulnerability Alert Black Watch Labs (May 10)
- issues with free Perl CGI's (Re: Black Watch Labs...) Peter W (May 10)
- Advisory: Unchecked system(blaat $var blaat) call in Bugzilla 2.8 Frank van Vliet (May 10)
- Re: Advisory: Unchecked system(blaat $var blaat) call in Bugzilla 2.8 Todd C. Miller (May 10)
- NetStructure 7110 console backdoor Brian Oblivion (May 09)
- NetStructure 7180 remote backdoor vulnerability Brian Oblivion (May 09)
- FreeBSD Security Advisory: FreeBSD-SA-00:16.golddig FreeBSD Security Officer (May 09)
- FreeBSD Security Advisory: FreeBSD-SA-00:17.libmytinfo FreeBSD Security Officer (May 09)
- FreeBSD Security Advisory: FreeBSD-SA-00:18.gnapster FreeBSD Security Officer (May 09)
- Self-Replication Using Gnutella Seth McGann (May 09)
- ALERT: Bypassing Warnings For Invalid SSL Certificates In Netscape Navigator Mitja Kolsek (May 10)