In perl.git, the branch blead has been updated <http://perl5.git.perl.org/perl.git/commitdiff/89f530a6b8371ad5f6cfa4a07a2a5d27e42a388e?hp=1784bd3e6b92cb1a7ca22884ab34a333c2b251bd>
- Log ----------------------------------------------------------------- commit 89f530a6b8371ad5f6cfa4a07a2a5d27e42a388e Author: David Golden <[email protected]> Date: Sat Jul 25 18:56:58 2009 -0400 Add security contact information to perlsec This patch inserts a short paragraph with security contact information near the top of the "Perl Security" documentation page. This would seem a likely place someone would look for such information (rather than INSTALL or perldelta where it lives today). I've put it at the top, not the bottom to make it easier to find. ----------------------------------------------------------------------- Summary of changes: pod/perlsec.pod | 12 ++++++++++++ 1 files changed, 12 insertions(+), 0 deletions(-) diff --git a/pod/perlsec.pod b/pod/perlsec.pod index 05d9588..d11e3dc 100644 --- a/pod/perlsec.pod +++ b/pod/perlsec.pod @@ -12,6 +12,18 @@ with fewer hidden snags. Additionally, because the language has more builtin functionality, it can rely less upon external (and possibly untrustworthy) programs to accomplish its purposes. +=head1 SECURITY VULNERABILITY CONTACT INFORMATION + +If you believe you have found a security vulnerability in Perl, please email [email protected] with details. This points to a closed +subscription, unarchived mailing list. Please only use this address for +security issues in the Perl core, not for modules independently distributed on +CPAN. + +=head1 SECURITY MECHANISMS AND CONCERNS + +=head2 Taint mode + Perl automatically enables a set of special security checks, called I<taint mode>, when it detects its program running with differing real and effective user or group IDs. The setuid bit in Unix permissions is mode 04000, the -- Perl5 Master Repository
