Subject: bin/largeprimes loads modules from an unsafe location
bin/largeprimes is using a custom shebang, which forces it to load modules from several locations: '..', '../lib', 'lib'.
This could lead to loading modules from an unpredictable location, depending on where the script is run from and which user is running it.
This is potentially a security issue.
Here is a suggested fix; it can also be discussed there:
https://github.com/atoomic/Crypt-Prime/pull/2
Note that I run it on Travis using the last Perl version since 5.10.
____
diff --git a/bin/largeprimes b/bin/largeprimes
index 498bfbe..c959d81 100755
--- a/bin/largeprimes
+++ b/bin/largeprimes
@@ -1,4 +1,4 @@
-#!/usr/bin/perl -sI.. -I../lib/ -Ilib/
+#!/usr/bin/perl
##
## largeprimes -- generates large provable primes, uniformally distributed
## in random intervals, with maurer's recursive algorithm.
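Review bot: the new `#!/usr/bin/perl` line drops the `-s` switch together with the three relative `-I` paths, because the old shebang bundled them as `-sI..`. `-s` turns on Perl's rudimentary switch parsing for arguments given after the script name, so if largeprimes takes any of its options that way they will silently stop being set. Either keep the switch (`#!/usr/bin/perl -s`) or confirm the script parses its own arguments, and say which in the commit message. If running from a source checkout still needs to work, resolve the lib directory relative to the script's own path (for example with FindBin and `use lib`) rather than relative to the current working directory, which is what made the removed `-I` paths unpredictable.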