On 2019-01-23 13:56:04 +0000, Colin Watson wrote:
> I'm not quite sure of the circumstances in which an attacker (presumably
> the author of a document you've received) might be able to control the
> arguments to gropdf; but regardless, this does seem to be undesirable
> command-line handling and I think we should fix it.

Files can be downloaded from the web (potentially in archives), and
one doesn't also check the filenames, particularly when using wildcards
such as ./* or with find + xargs.

> Alternatively, perhaps we could just copy ARGV::readonly from CPAN into
> the start of all our Perl scripts? It's sufficiently small that it
> might not be worth getting too worked up about the code duplication:
>
> https://metacpan.org/source/DAVIDNICO/ARGV-readonly-0.01/lib/ARGV/readonly.pm

Yes. At the same time, in each case, decide what to do with "-",
i.e. whether it should be regarded as a filename or as stdin (the
latter is common, standard for some utilities, and may be regarded
as convenient, and should be documented if used).

-- 
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
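
Added example, not part of the original message and not groff or ARGV::readonly code: one way a Perl script can read its arguments as literal filenames with three-argument open, with the "-" policy made an explicit per-script choice. The helper names open_input and cat_files are hypothetical, the odd filenames are constructed sample input, and a POSIX filesystem is assumed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Hypothetical helper. $dash_is_stdin is the per-script policy decision:
#   true  => a lone "-" means standard input (document this in the man page)
#   false => "-" is an ordinary file in the current directory
sub open_input {
    my ($name, $dash_is_stdin) = @_;
    return \*STDIN if $dash_is_stdin && $name eq '-';
    # Three-argument open: the mode is fixed to '<', so a leading '>' or '|',
    # a trailing '|', and surrounding whitespace are all part of the name.
    open(my $fh, '<', $name) or die "cannot open '$name': $!\n";
    return $fh;
}

# Concatenate the named files, the way a "while (<>)" loop would,
# but without letting any argument select an open mode or a command.
sub cat_files {
    my ($dash_is_stdin, @names) = @_;
    my $out = '';
    for my $name (@names) {
        my $fh = open_input($name, $dash_is_stdin);
        local $/;                       # slurp the whole input
        my $data = <$fh>;
        $out .= $data if defined $data;
        close($fh) unless $fh == \*STDIN;
    }
    return $out;
}

# Constructed sample input: names that two-argument open would not treat
# as plain files (pipe, write mode, stripped whitespace, stdin alias).
my $dir = tempdir(CLEANUP => 1);
chdir $dir or die "chdir: $!\n";
my @odd = ('date |', '>clobber', ' padded ', '-');
for my $name (@odd) {
    open(my $w, '>', $name) or die "create '$name': $!\n";
    print {$w} "content of [$name]\n";
    close $w;
}

# Policy here: "-" is a filename, so all four are read as plain files.
print cat_files(0, @odd);
chdir '/';                              # leave the temp dir before cleanup
```

With the first argument to cat_files set to true instead, the same call would read standard input where "-" appears, which is the behaviour that would need documenting.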