https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17717
--- Comment #57 from Marco Moreno <[email protected]> ---

Hmmm... I'm now reconsidering this and wonder if option #3 is really the best solution by removing '.' from @INC. You made a good point about /tmp being a concern. This, plus the fact that they have removed '.' from @INC in recent versions of Perl, has convinced me that having '.' in @INC is generally a very bad idea and a major security concern.

Therefore, I want to propose revisiting comment #40 which removes '.' from @INC in a common library early in the bootstrapping process. This effectively undoes the "feature" added in Perl 5.18 and removed in Perl 5.26. Additionally, this prevents exploits that attempt to insert '.' via PERL5LIB.

It is a single line of code, does nothing if '.' doesn't exist in @INC, and doesn't require modifying crons.
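
The approach proposed in the comment above, shown as an added example that is not part of the original message or Koha's code: a self-contained Perl script that places a module in a scratch working directory, shows it being picked up while '.' is in @INC, and shows the one-line filter stopping that. The names `Decoy.pm`, `decoy_loads` and `strip_dot_from_inc` are hypothetical, and the scratch directory stands in for /tmp.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(getcwd);
use File::Temp qw(tempdir);

# Constructed scenario: the current directory is a writable location such as
# /tmp and holds a module the program never intended to load.
my $start = getcwd();
my $dir   = tempdir(CLEANUP => 1);
open my $fh, '>', "$dir/Decoy.pm" or die "cannot write Decoy.pm: $!";
print {$fh} "package Decoy;\n1;\n";
close $fh or die "cannot close Decoy.pm: $!";
chdir $dir or die "cannot chdir to $dir: $!";

# Try to load the decoy with the current @INC, forgetting earlier attempts.
sub decoy_loads {
    delete $INC{'Decoy.pm'};
    return eval { require Decoy; 1 } ? 1 : 0;
}

# Hypothetical helper holding the one-line filter. In a real code base it
# would run in a BEGIN block of a common library, before any other require.
sub strip_dot_from_inc {
    @INC = grep { $_ ne '.' } @INC;
    return scalar @INC;
}

# Simulate '.' arriving at the front of @INC, as PERL5LIB=. would do.
unshift @INC, '.';
printf "with '.' in \@INC:    decoy %s\n", decoy_loads() ? 'LOADED' : 'not found';

strip_dot_from_inc();
printf "after stripping '.': decoy %s\n", decoy_loads() ? 'LOADED' : 'not found';

# A second call shows the filter is a no-op when '.' is already absent.
my $before = @INC;
printf "no-op when absent:   %s\n", strip_dot_from_inc() == $before ? 'yes' : 'no';

chdir $start or die "cannot chdir back: $!";
```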
