Bug#423441: Bug#234309: Bug#423441: -f option raises security concerns

2007-06-18 Thread Neale Pickett
Guys,

$conffile = param('-f') unless $ENV{GATEWAY_INTERFACE};

I'm not really comfortable with this as a fix, since it still relies on a CGI debugging feature to process arguments. I've brought in the security team, which apparently should have been done a long time ago. I suspect they'll

Bug#423441: -f option raises security concerns

2007-06-17 Thread Neale Pickett
Nick Leverton [EMAIL PROTECTED] writes: Thanks for your opinion, it's appreciated. But, pulling in Getopt::Long would require yet another module which I would want to avoid, especially since it still isn't fully GNU Getopt compatible in that it insists on a space between a short option

Bug#423441: -f option raises security concerns

2007-06-15 Thread Neale Pickett
I decided not to use blosxom at all, and I haven't used Perl since version 4, but it seems like it wouldn't be a ton of work to do both: support Getopt::Long and look at $ENV. Then, nothing breaks for anybody. Gerfried Fuchs [EMAIL PROTECTED] writes: Hi! I've today discussed the

Bug#423441: blosxom: param(-f) for exec introduces security hole

2007-05-11 Thread Neale Pickett
Package: blosxom
Version: 2.0-14
Severity: grave
Tags: security
Justification: user security hole

On line 69, param(-f) is used as a potential configuration file: for $rcfile (/etc/blosxom/blosxom.conf, /etc/blosxom.conf, param(-f)) { if (-r $rcfile) { open (RC, $rcfile) or die Cannot