diff options
author | Gervase Markham <gerv@mozilla.org> | 2015-01-21 20:49:57 +0100 |
---|---|---|
committer | David Lawrence <dkl@mozilla.com> | 2015-01-21 20:49:57 +0100 |
commit | 4dabf1a9c679f06b3637d3c76e1e05aa83a6d259 (patch) | |
tree | 93ec377d81b16ad7caccc28c4954048358aa431b /testserver.pl | |
parent | 367d9c2f6efd2cc53b773f0c1cc9e19a8d82c5be (diff) | |
download | bugzilla-4dabf1a9c679f06b3637d3c76e1e05aa83a6d259.tar.gz bugzilla-4dabf1a9c679f06b3637d3c76e1e05aa83a6d259.tar.xz |
Bug 1079065: [SECURITY] Always use the 3 arguments form for open() to prevent shell code injection
r=dylan,a=simon
Diffstat (limited to 'testserver.pl')
-rwxr-xr-x | testserver.pl | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/testserver.pl b/testserver.pl index 2ab48f375..d827c80ea 100755 --- a/testserver.pl +++ b/testserver.pl @@ -40,7 +40,7 @@ my @pscmds = ('ps -eo comm,gid', 'ps -acxo command,gid', 'ps -acxo command,rgid' my $sgid = 0; if (!ON_WINDOWS) { foreach my $pscmd (@pscmds) { - open PH, "$pscmd 2>/dev/null |"; + open PH, '-|', "$pscmd 2>/dev/null"; while (my $line = <PH>) { if ($line =~ /^(?:\S*\/)?(?:httpd|apache?)2?\s+(\d+)$/) { $sgid = $1 if $1 > $sgid; @@ -267,7 +267,7 @@ sub check_image { sub create_file { my ($filename, $content) = @_; - open(FH, ">$filename") + open(FH, ">", $filename) or die "Failed to create $filename: $!\n"; binmode FH; print FH $content; @@ -276,7 +276,7 @@ sub create_file { sub read_file { my ($filename) = @_; - open(FH, $filename) + open(FH, '<', $filename) or die "Failed to open $filename: $!\n"; binmode FH; my $content = <FH>; |