Bug#571623: "version: !perl/Module::Build::Version" results in broken Debian version
Ansgar Burchardt
ansgar at 43-1.org
Fri Feb 26 18:38:31 UTC 2010
Jozef Kutej <jozef at kutej.net> writes:
> Ansgar Burchardt wrote:
>> A YAML file can call constructors for all loaded modules? That would
>
> no, not constructors, there is even no way of knowing what is the name
> of constructor, but even just by loading a module it is code
> execution. mostly the code that makes the initialization and
> import().
That can still result in interesting behaviour together with
overloading. For example the attached program will access the Internet
and the value of $data->{foo}->{content} can change between the two
print statements (influenced by whoever operates the server).
This just waits for somebody to find a way to abuse this...
Regards,
Ansgar
-------------- next part --------------
A non-text attachment was scrubbed...
Name: example.pl
Type: text/x-perl
Size: 567 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20100227/61eb1b37/attachment.pl>
More information about the pkg-perl-maintainers
mailing list