From mboxrd@z Thu Jan 1 00:00:00 1970
From: Epiphanov Sergei
To: Sisyphus
Subject: Re: [sisyphus] Re: Q: perl security, CPAN security
Date: Mon, 27 Jun 2005 14:55:44 +0400
References: <20050626090644.GB31585@solemn.turbinal.org> <200506271303.25973.serpiph@nikiet.ru> <20050627095346.GK31585@solemn.turbinal.org>
In-Reply-To: <20050627095346.GK31585@solemn.turbinal.org>
Message-Id: <200506271455.45144.serpiph@nikiet.ru>

In a message of 27 June 2005 13:53 Alexey Tourbin wrote:

> You can run with the -t option (enable tainting warnings); it "overrides"
> the -T option (enable tainting checks). Better not to tell anyone about this.

It comes to the same thing either way. Hunting for the text you need among a
heap of warnings is sometimes no easier than getting things configured because
of -T. And just think how happy apache on a test machine will be (checking
dates, the environment, trying to get through to files, ... ). :)

> $ perl test.pl arg
> /usr/bin/команда 'arg'
> $ perl test.pl arg\'\;rm\ -rf\ \'/
> /usr/bin/команда 'arg';rm -rf '/'
> $

But you type these commands yourself! So you can check what you are typing.
I repeat: for _personal_ use. I write this kind of thing to process MY OWN
files in a directory, having first looked over how their names are spelled.

> > > 2) Running CPAN as root needs to be forbidden. A possible alternative --
> > > a cpan group and permissions 03775 root:cpan on /usr/local/lib/perl5.
> >
> > And have you already checked that this will work properly? I have already
> > been burned by something like this: I gave the advice first, and when I
> > started checking, I realized that it cannot be done that way. :(
>
> Not yet. But I don't see any fundamental limitations.

I have umask 077 for non-root. So after your installation nobody will get
access to the modules, unless you go out of your way to arrange it.

--
Best regards,
Epiphanov Sergei
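
An added example, not part of the original message and not the test.pl from the thread (its source is not shown): it reports which of the -t / -T modes discussed above is active, prints the string a shell would receive for a quoted argument, and runs the command only through an allow-list check and list-form system(). Assumptions: `echo` stands in for /usr/bin/команда, the sample arguments are constructed, and the sub names are hypothetical.

```perl
# Added example, not code from the thread. Run as: perl -T example.pl [args]
use strict;
use warnings;

$| = 1;    # keep our output in order with the child's output

# Taint mode refuses to run programs while PATH and friends are untrusted.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# ${^TAINT}: 1 under -T (checks are fatal), -1 under -t (warnings only), 0 otherwise.
sub taint_mode {
    return ${^TAINT} == 1  ? '-T (fatal checks)'
         : ${^TAINT} == -1 ? '-t (warnings only)'
         :                   'off';
}

# The string a shell would receive if the argument were pasted between single
# quotes. Built for display only; it is never executed here.
sub shell_string {
    my ($arg) = @_;
    return "echo '$arg'";
}

# Allow-list validation; the regex capture is also what untaints the value.
sub untaint_name {
    my ($arg) = @_;
    return $arg =~ /\A([A-Za-z0-9_][A-Za-z0-9._-]*)\z/ ? $1 : undef;
}

# List-form system() bypasses the shell, so quotes and ';' stay literal data.
sub run_checked {
    my ($arg) = @_;
    my $clean = untaint_name($arg);
    return 'rejected' unless defined $clean;
    return system('echo', $clean) == 0 ? 'ran' : 'failed';
}

# Constructed sample arguments, used when none are given on the command line.
my @args = @ARGV ? @ARGV : ('arg', q{arg';echo INJECTED;'});
print 'taint mode: ', taint_mode(), "\n";
for my $arg (@args) {
    print 'shell would see: ', shell_string($arg), "\n";
    print 'list-form result: ', run_checked($arg), "\n";
}
```

With the constructed samples, the first argument is run and the second is rejected before any command starts, whichever taint switch is in effect.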