According to Theo de Raadt: > This PERL problem was fixed by me in OpenBSD in early _1997_. The > patch I made to perl 5.003 was commited with the following log entry: > revision 1.2 > date: 1997/01/23 04:31:36; author: deraadt; state: Exp; lines: +9 -5 > perl mktemp race; fix mailed to larry > Note that I sent Larry mail about the problem, but this did not result > in a fix shipping in 5.004_04. Bad Larry! What other perl security > problems have not gotten fixed? Well, Larry isn't involved in active Perl coding these days. The people on the hot seat at the moment are: for 5.004_xx: Tim Bunce <Tim.Bunceat_private> for 5.005: Malcolm Beattie <mbeattieat_private> BTW, any perl bugs should be sent to perlbug@perl.{org,com}. Perhaps yours was, I don't mean to imply otherwise; mistakes do happen. I'll forward the patch to them, so they can decide what to do with it. -- Chip Salzenberg - a.k.a. - <chipat_private> "I brought the atom bomb. I think it's a good time to use it." //MST3K
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:44:36 PDT