>>>>> "Michael" == Michael Peters <[EMAIL PROTECTED]> writes:
Michael> Randal L. Schwartz wrote:
>>>>>>> "Alex" == Alex Solovey <[EMAIL PROTECTED]> writes:
>>
Alex> The problem is due to unescaped variable interpolation in regular
Alex> expression $uri =~ /$path_info$/ in sub namespace_from:
>>
>> I don't want to raise too many alarms, but this means that every MP1 server
>> has a denial-of-service attack against it now.

Michael> Not quite. It only affects people running PerlRun. Not insignificant,
Michael> but definitely not everyone.

No, it affects users of all script-like things, both mod_perl1 (users of
Apache::Registry, Apache::PerlRun), and mod_perl2 (users of ModPerl::PerlRun,
ModPerl::PerlRunPrefork, ModPerl::Registry, ModPerl::RegistryBB,
ModPerl::RegistryPrefork). They've all copied the same common code.

And yes, not everyone. Anyone who has actual "handlers", instead of just using
mod_perl to "speed up content delivery by migrating legacy Perl CGI", won't be
affected by this. But for the vast public out there, these "superfast scripts"
are what mod_perl is.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
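
The unescaped interpolation quoted in this thread, next to a quoted form, as an added example that is not part of the original message and is not mod_perl's own code. The helper names, the sample URIs, and the assumption that the match result decides whether path_info is cut off the URI are all hypothetical.

```perl
use strict;
use warnings;

# Hypothetical helpers written for this example; not the mod_perl source.
# Assumption: the match result decides whether the trailing path_info is
# cut off the URI to get the script name.

# Unsafe form quoted in the thread: $path_info is compiled as regex syntax.
sub script_name_unsafe {
    my ($uri, $path_info) = @_;
    return $uri unless length $path_info;
    # eval traps the die that a malformed pattern raises at match time.
    my $matched = eval { $uri =~ /$path_info$/ ? 1 : 0 };
    return 'regex compile error' unless defined $matched;
    return $matched
        ? substr($uri, 0, length($uri) - length($path_info))
        : $uri;
}

# Hardened form: \Q...\E (quotemeta) makes every character a literal,
# and \z anchors at the true end of the string.
sub script_name_safe {
    my ($uri, $path_info) = @_;
    return $uri unless length $path_info;
    return $uri =~ /\Q$path_info\E\z/
        ? substr($uri, 0, length($uri) - length($path_info))
        : $uri;
}

# Constructed sample requests: [ uri, path_info ]
my @samples = (
    [ '/perl/app.pl/foo/bar', '/foo/bar' ],   # no metacharacters
    [ '/perl/app.pl/a+b',     '/a+b'     ],   # '+' read as a quantifier
    [ '/perl/app.pl/(',       '/('       ],   # unbalanced group
);

for my $s (@samples) {
    my ($uri, $path_info) = @$s;
    printf "%-22s unsafe=%-20s safe=%s\n",
        $uri,
        script_name_unsafe($uri, $path_info),
        script_name_safe($uri, $path_info);
}
```

Without the eval wrapper used here for display, the third sample makes the unquoted match die inside the handler; the quoted form treats the same bytes as literal text.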