Re: Perl bugs (was Re: another /tmp race: `perl -e')

Chip Salzenberg (chip@ATLANTIC.NET)
Sun, 08 Mar 1998 11:58:39 -0500

According to Theo de Raadt:
> This PERL problem was fixed by me in OpenBSD in early _1997_. The
> patch I made to perl 5.003 was commited with the following log entry:
> revision 1.2
> date: 1997/01/23 04:31:36; author: deraadt; state: Exp; lines: +9 -5
> perl mktemp race; fix mailed to larry
> Note that I sent Larry mail about the problem, but this did not result
> in a fix shipping in 5.004_04. Bad Larry! What other perl security
> problems have not gotten fixed?

Well, Larry isn't involved in active Perl coding these days.
The people on the hot seat at the moment are:

for 5.004_xx: Tim Bunce <Tim.Bunce@ig.co.uk>
for 5.005: Malcolm Beattie <mbeattie@sable.ox.ac.uk>

BTW, any perl bugs should be sent to perlbug@perl.{org,com}. Perhaps
yours was, I don't mean to imply otherwise; mistakes do happen.

I'll forward the patch to them, so they can decide what to do with it.

--
Chip Salzenberg                - a.k.a. -               <chip@pobox.com>
"I brought the atom bomb.  I think it's a good time to use it."  //MST3K