oss-sec mailing list archives

Re: Local Privilege Escalations in needrestart


From: Jakub Wilk <jwilk () jwilk net>
Date: Wed, 4 Dec 2024 10:14:39 +0100

* Qualys Security Advisory <qsa () qualys com>, 2024-11-19 16:25:
> We therefore grepped the ScanDeps module for one of the oldest pitfalls of the Perl programming language: the two-argument form of open(),

When looking for this kind of vulnerability a few years ago, I patched my Perl interpreter to issue runtime warnings against suspicious two-argument open() calls.

The patch still applies cleanly, and apparently even works, so I've attached it here. Maybe someone will find it useful.

--
Jakub Wilk

Attachment: perl-two-arg-open.patch
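
A static counterpart to the checks discussed above, as an added example that is not the attached patch and not code from this thread: a heuristic Python scanner that flags Perl open() calls with exactly two arguments, the form the quoted advisory grepped for. The regexes, function names and sample Perl lines are constructed for illustration; q//-style quotes, heredocs and regex literals are not handled.

```python
import re

# Strings and comments are blanked first so commas inside them are not counted.
MASK_RE = re.compile(r'''"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|(?:^|(?<=\s))#[^\n]*''', re.M | re.S)
# Builtin open only: skips ->open, Pkg::open, sysopen, opendir, open_foo.
OPEN_RE = re.compile(r'(?<![\w:>$@%&])(?:CORE::)?open\b\s*(?:(\()|(?=(?:my|local|our)\s|[$*{A-Z]))')
STOP_RE = re.compile(r';|\|\||\bor\b')  # ends a call written without parentheses

def _count_args(text, i, in_parens):
    """Count top-level comma-separated arguments starting at text[i]."""
    depth, commas, seen = 0, 0, False
    while i < len(text):
        c = text[i]
        if depth == 0 and (c in ')]}' or (not in_parens and STOP_RE.match(text, i))):
            break
        if c in '([{':
            depth += 1
        elif c in ')]}':
            depth -= 1
        elif c == ',' and depth == 0:
            commas += 1
        seen = seen or not c.isspace()
        i += 1
    return commas + 1 if seen else 0

def find_two_arg_opens(source):
    """Return (line_number, source_line) for each open() call with exactly two arguments."""
    fill = lambda m: re.sub(r'[^\n]', 'S' if m.group()[0] in '"\'' else ' ', m.group())
    masked = MASK_RE.sub(fill, source)  # same length and line breaks as source
    lines, hits = source.splitlines(), []
    for m in OPEN_RE.finditer(masked):
        if _count_args(masked, m.end(), bool(m.group(1))) == 2:
            n = masked.count('\n', 0, m.start()) + 1
            hits.append((n, lines[n - 1].strip()))
    return hits

# Constructed sample Perl source (not taken from ScanDeps or needrestart).
SAMPLE = r'''
open(my $in, '<', $path) or die "cannot open $path: $!";
open(FH, $file) || die;
open LOG, ">>$logname" or die "cannot open log, giving up";
open(my $cfg, join('/', $dir, $name));
# open(OLD, $legacy);
$archive->open($a, $b);
sysopen(my $raw, $dev, 0);
'''

if __name__ == "__main__":
    print(*find_two_arg_opens(SAMPLE), sep="\n")
```

Three-argument calls such as the first sample line are not reported, so the output is a review list of call sites to convert to the three-argument form or justify.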