package perl
severity 588017 grave
thanks

Dominic Hargreaves wrote:
> Whoa, this is quite hasty.

Maybe.

> The reason that this is a security bug is
> because the current directory should not be trusted, because it might
> be writable by a *different* non-root user who might wish to trick you
> into running malicious code. For exactly the same reason, shells don't have
> the current directory in their path.

Now I see the point. Though practically I guess that includes only /tmp and a superuser executing something from the /home/xyz/...

> I'm not going to start playing severity games, but this looks very much
> like a security bug to me.

Granted, my arguments are quite weak, so I restored the original severity.

-- 
Eugene V. Lyubimkin aka JackYF, JID: jackyf.devel(maildog)gmail.com
C++/Perl developer, Debian Developer