...
An attacker who could control the arguments to the do()
subroutine could cause the code to invoke arbitrary shell commands.
This code also violates DCL31-PL. Do not overload reserved keywords or subroutines.
Compliant Solution (VU#583020)
...
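```perl
sub do {
  shift;                           # discard the first argument
  $command = shift;                # second argument: the requested command
  $command =~ /([\w])/;            # capture the first word character found
  $command = $1;                   # keep only that single character
  $do_call = "xmms -" . $command;  # build the command line
  system $do_call;                 # single-string form of system()
  return $do_call;
}
```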
Note that this code still violates DCL31-PL. Do not overload reserved keywords or subroutines; it is shown here for historical accuracy.
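A stricter variant of the sanitization above, as an added example that is not part of the original page: it anchors the match to the whole input, tests that the match succeeded, checks the result against an allowlist, and uses the list form of system() so no shell parses the arguments. The subroutine names (`build_xmms_args`, `run_xmms`) and the allowlisted option letters are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed allowlist of single-letter xmms options (illustrative; adjust to the
# options the script really needs).
my %ALLOWED = map { $_ => 1 } qw(p u s f r t);

# Hypothetical helper: returns the argument list for xmms, or an empty list
# when the input is rejected.
sub build_xmms_args {
    my ($command) = @_;
    return unless defined $command;

    # \A and \z anchor the match to the entire input (\z also refuses a
    # trailing newline). The match result is tested, so a failed match can
    # never leave a stale $1 from an earlier regex in use.
    my ($flag) = $command =~ /\A(\w)\z/ or return;

    return unless $ALLOWED{$flag};
    return ('xmms', "-$flag");
}

# Hypothetical wrapper: runs xmms only when the input passed validation.
sub run_xmms {
    my @args = build_xmms_args(@_) or return;

    # List form of system() with an explicit program name: the arguments are
    # passed directly to the program and are never interpreted by a shell.
    system { $args[0] } @args;
    return $? == 0;
}

# Constructed sample inputs: only the first one is accepted.
for my $input ('p', 'pause', 'p; echo injected', "s\n", '') {
    my @args = build_xmms_args($input);
    (my $shown = $input) =~ s/\n/\\n/g;
    printf "%-22s => %s\n", "'$shown'", @args ? "@args" : 'rejected';
}
```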
...