This queue is for tickets about the Crypt-Primes CPAN distribution.

Report information
The Basics
Id: 128058
Status: new
Priority: 0/
Queue: Crypt-Primes

People
Owner: Nobody in particular
Requestors: me [...] eboxr.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: bin/largeprimes is loading modules from an unsafe location
bin/largeprimes is using a custom shebang, which forces modules to be loaded from several locations: '..', '../lib', 'lib'. This could lead to modules being loaded from an unpredictable location, depending on where the script is run from and which user is running it. This is potentially a security issue.

Here is a suggested fix, which can also be discussed there: https://github.com/atoomic/Crypt-Prime/pull/2

Note that I run it on Travis using the last Perl version since 5.10

____ diff --git a/bin/largeprimes b/bin/largeprimes index 498bfbe..c959d81 100755 --- a/bin/largeprimes +++ b/bin/largeprimes @@ -1,4 +1,4 @@ -#!/usr/bin/perl -sI.. -I../lib/ -Ilib/ +#!/usr/bin/perl ## ## largeprimes -- generates large provable primes, uniformally distributed ## in random intervals, with maurer's recursive algorithm.
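
Review bot: the replacement shebang on line 1 drops the `-s` switch together with the three `-I` paths, since the old line bundled them as `-sI..`. Perl's `-s` enables switch parsing for options given after the script name, so if largeprimes reads any of its command-line options that way, those variables will silently stop being set. Either keep it with `#!/usr/bin/perl -s`, or confirm the script does not rely on `-s` and say so in the commit message. Removing the relative `-I` entries themselves looks right.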
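
A check for the pattern this ticket reports, added here as an illustration and not part of the ticket or of the Crypt-Primes code: it extracts the `-I` directories from a Perl shebang line and reports the relative ones, which resolve against whatever directory the script is started from. The function names and the simplified handling of clustered switches are assumptions of this example.

```python
import os
import shlex

# Switches whose argument is the rest of the cluster, so scanning for -I
# must stop there (simplified from perlrun; an assumption of this example).
ARG_SWITCHES = set("CdDeEFimMVx")

def shebang_include_dirs(shebang):
    """Return the -I directories named on a Perl shebang line, in order."""
    if not shebang.startswith("#!"):
        return []
    tokens = shlex.split(shebang[2:])
    if not tokens or "perl" not in os.path.basename(tokens[0]):
        return []
    dirs, args, i = [], tokens[1:], 0
    while i < len(args):
        tok = args[i]
        i += 1
        if tok == "--" or not tok.startswith("-"):
            break  # end of switches
        for pos, ch in enumerate(tok[1:], start=1):
            if ch == "I":
                rest = tok[pos + 1:]            # "-Idir" or clustered "-sIdir"
                if not rest and i < len(args):  # "-I dir" form
                    rest, i = args[i], i + 1
                if rest:
                    dirs.append(rest)
                break
            if ch in ARG_SWITCHES:
                break  # remainder belongs to that switch
    return dirs

def relative_include_dirs(shebang):
    """-I paths that resolve against the current working directory."""
    return [d for d in shebang_include_dirs(shebang) if not os.path.isabs(d)]

def resolved_against(shebang, cwd):
    """Where each relative -I path lands when the script is started in cwd."""
    return [os.path.normpath(os.path.join(cwd, d))
            for d in relative_include_dirs(shebang)]

# The two shebang lines from the patch in this ticket.
BEFORE = "#!/usr/bin/perl -sI.. -I../lib/ -Ilib/"
AFTER = "#!/usr/bin/perl"

if __name__ == "__main__":
    for cwd in ("/home/alice/Crypt-Primes/bin", "/tmp"):  # constructed paths
        print(cwd, "->", resolved_against(BEFORE, cwd))
```

Started from `/tmp`, the old shebang puts `/`, `/lib` and `/tmp/lib` on the module search path, which is the dependence on the caller's working directory that the report describes.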

