top | item 8377581 (no title) Ogre | 11 years ago > So ruby and perl are specifically designed to be a handler of untrusted data?Perl actually is when used in taint mode. http://perldoc.perl.org/perlsec.html discuss order hn newest areyousure|11 years ago Yes and no. You can still unintentionally call out to bash if you, say, protect your PATH: $ x='() { :;}; echo vulnerable' perl -t -le'$ENV{PATH}="/bin";print `:;date`' vulnerable Sat Sep 27 10:51:12 PDT 2014
areyousure|11 years ago Yes and no. You can still unintentionally call out to bash if you, say, protect your PATH: $ x='() { :;}; echo vulnerable' perl -t -le'$ENV{PATH}="/bin";print `:;date`' vulnerable Sat Sep 27 10:51:12 PDT 2014
areyousure|11 years ago