Vulnerability Development mailing list archives

PERL's -e check

From: Joe Testa <jst3290 () RITVAX ISC RIT EDU>
Date: Sun, 24 Dec 2000 19:11:40 -0500

Hi all --

        I've noticed here and there that some PERL scripts pass user input
directly into an open() call protected by a "-e" check.  Example:

        # $temp_file is taken from the submitted form
        if(-e $temp_file) {
                open(TEMP, "<$temp_file");
                ...
        }

        Is there any trick that would bypass the "-e"?  Thanks in advance.

        - Joe Testa


P.S.  Greets to @stake and the cDc.

Current thread:

PERL's -e check Joe Testa (Dec 26)
- Re: PERL's -e check Adam Prato (Dec 26)
- Re: PERL's -e check Matt Zimmerman (Dec 26)
- Re: PERL's -e check Joe Testa (Dec 26)
  - Re: PERL's -e check Matt Zimmerman (Dec 28)
- Re: PERL's -e check Juergen P. Meier (Dec 26)
- Re: PERL's -e check Pavel Kankovsky (Dec 27)