package perl
severity 588017 normal
thanks

Hi Ansgar,

Ansgar Burchardt wrote:
> perl includes the current directory as the last element in @INC when not
> running in taint mode (-T). As many modules try to load other modules
> that may or may not be installed, this can result in code execution.

First of all, I don't believe this is a bug at all. I even used it as a feature for debugging some code. It's not about using arbitrary code - it's about using code from a directory that the user (or administrator) has write access to and therefore directly or indirectly moved the code to that place.

I set the severity of the bug to 'normal' for now; I leave the final word to Niko Tyni and/or the security team.

--
Eugene V. Lyubimkin aka JackYF, JID: jackyf.devel(maildog)gmail.com
C++/Perl developer, Debian Developer
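
The behaviour quoted above (the current directory as the last @INC entry, consulted when a script tries to load a module that may or may not be installed) can be audited on a given host with a short script. This is an added example, not part of the original message; `Optional::Plugin` is a hypothetical module name, and `resolve_module` is a simplified model of how `require` searches @INC.

```perl
#!/usr/bin/perl
# Added example (not from the original message): report which @INC entries
# are relative, and where optional modules would be loaded from.
use strict;
use warnings;
use File::Spec;

# Relative @INC entries (".", "lib", ...) are resolved against the current
# working directory at require time. Code refs and objects are hooks; skip them.
sub relative_entries {
    return grep { !ref($_) && !File::Spec->file_name_is_absolute($_) } @_;
}

# Simplified model of require's search: return the first path under an
# @INC directory that holds the module file, or nothing if none does.
sub resolve_module {
    my ($module, @inc) = @_;
    (my $file = "$module.pm") =~ s{::}{/}g;
    for my $dir (grep { !ref($_) } @inc) {
        my $path = "$dir/$file";
        return $path if -f $path;
    }
    return;
}

# Mitigation for a single script: keep only absolute directories and hooks.
sub hardened_inc {
    return grep { ref($_) || File::Spec->file_name_is_absolute($_) } @_;
}

# Modules to check. Optional::Plugin is a hypothetical, normally absent one.
my @optional = ('File::Spec', 'Optional::Plugin');

my @relative = relative_entries(@INC);
print "relative \@INC entries: ", (@relative ? join(', ', @relative) : '(none)'), "\n";

for my $module (@optional) {
    my $before = resolve_module($module, @INC);
    my $after  = resolve_module($module, hardened_inc(@INC));
    printf "%-18s current: %s | hardened: %s\n", $module,
        $before // 'not found', $after // 'not found';
    # A different result after hardening means a relative entry supplied it.
    print "  WARNING: $module is picked up through a relative \@INC entry\n"
        if defined $before && (!defined $after || $before ne $after);
}
```

Run it from the directory a script is normally started in, since relative entries resolve against that directory.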