Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

#! line execs other programs too easily #9930

Open
p5pRT opened this issue Oct 27, 2009 · 6 comments
Open

#! line execs other programs too easily #9930

p5pRT opened this issue Oct 27, 2009 · 6 comments

Comments

@p5pRT
Copy link

p5pRT commented Oct 27, 2009

Migrated from rt.perl.org#70047 (status was 'open')

Searchable as RT70047$

@p5pRT
Copy link
Author

p5pRT commented Oct 27, 2009

From @rgarcia

Created by rgs@consttype.org

Perl will helpfully execute the program given on the shebang line,
except when it contains the string perl. This heuristic is too
strong, it should at least ignore Perl as well.

Assuming that /home/rafael/wxPerl is a copy of /usr/bin/perl, for example​:

  $ cat foo.pl
  #!/home/rafael/wxPerl
  print "$^X\n";

  $ perl foo.pl
  /home/rafael/wxPerl

One can also argue that this feature could be completely removed.

Perl Info

Flags:
    category=core
    severity=low

Site configuration information for perl 5.10.0:

Configured by Debian Project at Fri Jun 26 18:43:11 UTC 2009.

Summary of my perl5 (revision 5 version 10 subversion 0) configuration:
  Platform:
    osname=linux, osvers=2.6.24-23-server, archname=i486-linux-gnu-thread-multi
    uname='linux rothera 2.6.24-23-server #1 smp wed apr 1 22:22:14
utc 2009 i686 gnulinux '
    config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN
-Dcccdlflags=-fPIC -Darchname=i486-linux-gnu -Dprefix=/usr
-Dprivlib=/usr/share/perl/5.10 -Darchlib=/usr/lib/perl/5.10
-Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5
-Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local
-Dsitelib=/usr/local/share/perl/5.10.0
-Dsitearch=/usr/local/lib/perl/5.10.0 -Dman1dir=/usr/share/man/man1
-Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1
-Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl
-Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Ud_ualarm -Uusesfio
-Uusenm -DDEBUGGING=-g -Doptimize=-O2 -Duseshrplib
-Dlibperl=libperl.so.5.10.0 -Dd_dosuid -des'
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=define, usemultiplicity=define
    useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
    use64bitint=undef, use64bitall=undef, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN
-fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64',
    optimize='-O2 -g',
    cppflags='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing
-pipe -I/usr/local/include'
    ccversion='', gccversion='4.3.3', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t',
lseeksize=8
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib /usr/lib64
    libs=-lgdbm -lgdbm_compat -ldb -ldl -lm -lpthread -lc -lcrypt
    perllibs=-ldl -lm -lpthread -lc -lcrypt
    libc=/lib/libc-2.9.so, so=so, useshrplib=true, libperl=libperl.so.5.10.0
    gnulibc_version='2.9'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
    cccdlflags='-fPIC', lddlflags='-shared -O2 -g -L/usr/local/lib'

Locally applied patches:



@INC for perl 5.10.0:
    /home/rafael/perl5lib/share/perl
    /home/rafael/perl5lib/lib/perl
    /etc/perl
    /usr/local/lib/perl/5.10.0
    /usr/local/share/perl/5.10.0
    /usr/lib/perl5
    /usr/share/perl5
    /usr/lib/perl/5.10
    /usr/share/perl/5.10
    /usr/local/lib/site_perl
    .


Environment for perl 5.10.0:
    HOME=/home/rafael
    LANG=en_US.UTF-8
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11:/usr/games:/home/rafael/bin
    PERL5LIB=/home/rafael/perl5lib/share/perl:/home/rafael/perl5lib/lib/perl
    PERL_BADLANG (unset)
    SHELL=/bin/bash

@p5pRT
Copy link
Author

p5pRT commented Oct 28, 2009

From @ikegami

On Tue, Oct 27, 2009 at 6​:35 AM, Rafael Garcia-Suarez <
perlbug-followup@​perl.org> wrote​:

# New Ticket Created by Rafael Garcia-Suarez
# Please include the string​: [perl #70047]
# in the subject line of all future correspondence about this issue.
# <URL​: http​://rt.perl.org/rt3/Ticket/Display.html?id=70047 >

This is a bug report for perl from rgs@​consttype.org,
generated with the help of perlbug 1.36 running under perl 5.10.0.

-----------------------------------------------------------------
[Please enter your report here]

Perl will helpfully execute the program given on the shebang line,
except when it contains the string perl. This heuristic is too
strong, it should at least ignore Perl as well.

Careful,

#!C​:\Perl\bin\Perl.exe

is used out there.

@p5pRT
Copy link
Author

p5pRT commented Oct 28, 2009

The RT System itself - Status changed from 'new' to 'open'

@p5pRT
Copy link
Author

p5pRT commented Oct 29, 2009

From @ikegami

On Wed, Oct 28, 2009 at 3​:07 PM, Eric Brine <ikegami@​adaelis.com> wrote​:

On Tue, Oct 27, 2009 at 6​:35 AM, Rafael Garcia-Suarez <
perlbug-followup@​perl.org> wrote​:

# New Ticket Created by Rafael Garcia-Suarez
# Please include the string​: [perl #70047]
# in the subject line of all future correspondence about this issue.
# <URL​: http​://rt.perl.org/rt3/Ticket/Display.html?id=70047 >

This is a bug report for perl from rgs@​consttype.org,
generated with the help of perlbug 1.36 running under perl 5.10.0.

-----------------------------------------------------------------
[Please enter your report here]

Perl will helpfully execute the program given on the shebang line,
except when it contains the string perl. This heuristic is too
strong, it should at least ignore Perl as well.

Careful,

#!C​:\Perl\bin\Perl.exe

is used out there.

Oops! I thought he was saying that Perl was treated the same as perl and
that it shouldn't be, but I see I understood it backwards.

@p5pRT
Copy link
Author

p5pRT commented Oct 29, 2009

From @demerphq

2009/10/28 Eric Brine <ikegami@​adaelis.com>​:

On Tue, Oct 27, 2009 at 6​:35 AM, Rafael Garcia-Suarez <
perlbug-followup@​perl.org> wrote​:

# New Ticket Created by  Rafael Garcia-Suarez
# Please include the string​:  [perl #70047]
# in the subject line of all future correspondence about this issue.
# <URL​: http​://rt.perl.org/rt3/Ticket/Display.html?id=70047 >

This is a bug report for perl from rgs@​consttype.org,
generated with the help of perlbug 1.36 running under perl 5.10.0.

-----------------------------------------------------------------
[Please enter your report here]

Perl will helpfully execute the program given on the shebang line,
except when it contains the string perl. This heuristic is too
strong, it should at least ignore Perl as well.

Careful,

#!C​:\Perl\bin\Perl.exe

is used out there.

Ah but you hit on one of the reasons this feature is there afair, to
make it possible to do shebang style argument passing on OS'es that
dont support it.

cheers,
Yves

--
perl -Mre=debug -e "/just|another|perl|hacker/"

@p5pRT
Copy link
Author

p5pRT commented Oct 29, 2009

From ben@morrow.me.uk

Quoth demerphq@​gmail.com (Demerphq)​:

Ah but you hit on one of the reasons this feature is there afair, to
make it possible to do shebang style argument passing on OS'es that
dont support it.

IMHO this feature could go. It's kinda cute, but a trivial shebang.exe
you can associate files with (or whatever) would be a better solution.

Ben

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants