CINXE.COM

<!DOCTYPE html> <html lang="en-US" class="no-js"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="profile" href="https://gmpg.org/xfn/11"> <script>(function(html){html.className = html.className.replace(/\bno-js\b/,'js')})(document.documentElement);</script> <title>Mastering Perl</title> <meta name='robots' content='max-image-preview:large' /> <link rel='dns-prefetch' href='//fonts.googleapis.com' /> <link rel='dns-prefetch' href='//s.w.org' /> <link href='https://fonts.gstatic.com' crossorigin rel='preconnect' /> <link rel="alternate" type="application/rss+xml" title="Mastering Perl » Feed" href="https://www.masteringperl.org/feed/" /> <link rel="alternate" type="application/rss+xml" title="Mastering Perl » Comments Feed" href="https://www.masteringperl.org/comments/feed/" /> <script> window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/13.1.0\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/13.1.0\/svg\/","svgExt":".svg","source":{"concatemoji":"https:\/\/www.masteringperl.org\/wp-includes\/js\/wp-emoji-release.min.js?ver=5.8.3"}}; !function(e,a,t){var n,r,o,i=a.createElement("canvas"),p=i.getContext&&i.getContext("2d");function s(e,t){var a=String.fromCharCode;p.clearRect(0,0,i.width,i.height),p.fillText(a.apply(this,e),0,0);e=i.toDataURL();return p.clearRect(0,0,i.width,i.height),p.fillText(a.apply(this,t),0,0),e===i.toDataURL()}function c(e){var t=a.createElement("script");t.src=e,t.defer=t.type="text/javascript",a.getElementsByTagName("head")[0].appendChild(t)}for(o=Array("flag","emoji"),t.supports={everything:!0,everythingExceptFlag:!0},r=0;r<o.length;r++)t.supports[o[r]]=function(e){if(!p||!p.fillText)return!1;switch(p.textBaseline="top",p.font="600 32px Arial",e){case"flag":return s([127987,65039,8205,9895,65039],[127987,65039,8203,9895,65039])?!1:!s([55356,56826,55356,56819],[55356,56826,8203,55356,56819])&&!s([55356,57332,56128,56423,56128,56418,56128,56421,56128,56430,56128,56423,56128,56447],[55356,57332,8203,56128,56423,8203,56128,56418,8203,56128,56421,8203,56128,56430,8203,56128,56423,8203,56128,56447]);case"emoji":return!s([10084,65039,8205,55357,56613],[10084,65039,8203,55357,56613])}return!1}(o[r]),t.supports.everything=t.supports.everything&&t.supports[o[r]],"flag"!==o[r]&&(t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&t.supports[o[r]]);t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&!t.supports.flag,t.DOMReady=!1,t.readyCallback=function(){t.DOMReady=!0},t.supports.everything||(n=function(){t.readyCallback()},a.addEventListener?(a.addEventListener("DOMContentLoaded",n,!1),e.addEventListener("load",n,!1)):(e.attachEvent("onload",n),a.attachEvent("onreadystatechange",function(){"complete"===a.readyState&&t.readyCallback()})),(n=t.source||{}).concatemoji?c(n.concatemoji):n.wpemoji&&n.twemoji&&(c(n.twemoji),c(n.wpemoji)))}(window,document,window._wpemojiSettings); </script> <style> img.wp-smiley, img.emoji { display: inline !important; border: none !important; box-shadow: none !important; height: 1em !important; width: 1em !important; margin: 0 .07em !important; vertical-align: -0.1em !important; background: none !important; padding: 0 !important; } </style> <link rel='stylesheet' id='wp-block-library-css' href='https://www.masteringperl.org/wp-includes/css/dist/block-library/style.min.css?ver=5.8.3' media='all' /> <style id='wp-block-library-theme-inline-css'> #start-resizable-editor-section{display:none}.wp-block-audio figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-audio figcaption{color:hsla(0,0%,100%,.65)}.wp-block-code{font-family:Menlo,Consolas,monaco,monospace;color:#1e1e1e;padding:.8em 1em;border:1px solid #ddd;border-radius:4px}.wp-block-embed figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-embed figcaption{color:hsla(0,0%,100%,.65)}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:hsla(0,0%,100%,.65)}.wp-block-image figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-image figcaption{color:hsla(0,0%,100%,.65)}.wp-block-pullquote{border-top:4px solid;border-bottom:4px solid;margin-bottom:1.75em;color:currentColor}.wp-block-pullquote__citation,.wp-block-pullquote cite,.wp-block-pullquote footer{color:currentColor;text-transform:uppercase;font-size:.8125em;font-style:normal}.wp-block-quote{border-left:.25em solid;margin:0 0 1.75em;padding-left:1em}.wp-block-quote cite,.wp-block-quote footer{color:currentColor;font-size:.8125em;position:relative;font-style:normal}.wp-block-quote.has-text-align-right{border-left:none;border-right:.25em solid;padding-left:0;padding-right:1em}.wp-block-quote.has-text-align-center{border:none;padding-left:0}.wp-block-quote.is-large,.wp-block-quote.is-style-large{border:none}.wp-block-search .wp-block-search__label{font-weight:700}.wp-block-group.has-background{padding:1.25em 2.375em;margin-top:0;margin-bottom:0}.wp-block-separator{border:none;border-bottom:2px solid;margin-left:auto;margin-right:auto;opacity:.4}.wp-block-separator:not(.is-style-wide):not(.is-style-dots){width:100px}.wp-block-separator.has-background:not(.is-style-dots){border-bottom:none;height:1px}.wp-block-separator.has-background:not(.is-style-wide):not(.is-style-dots){height:2px}.wp-block-table thead{border-bottom:3px solid}.wp-block-table tfoot{border-top:3px solid}.wp-block-table td,.wp-block-table th{padding:.5em;border:1px solid;word-break:normal}.wp-block-table figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-table figcaption{color:hsla(0,0%,100%,.65)}.wp-block-video figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-video figcaption{color:hsla(0,0%,100%,.65)}.wp-block-template-part.has-background{padding:1.25em 2.375em;margin-top:0;margin-bottom:0}#end-resizable-editor-section{display:none} </style> <link rel='stylesheet' id='titan-adminbar-styles-css' href='https://www.masteringperl.org/wp-content/plugins/anti-spam/assets/css/admin-bar.css?ver=7.3.0' media='all' /> <link rel='stylesheet' id='twentysixteen-fonts-css' href='https://fonts.googleapis.com/css?family=Merriweather%3A400%2C700%2C900%2C400italic%2C700italic%2C900italic%7CMontserrat%3A400%2C700%7CInconsolata%3A400&subset=latin%2Clatin-ext&display=fallback' media='all' /> <link rel='stylesheet' id='genericons-css' href='https://www.masteringperl.org/wp-content/themes/twentysixteen/genericons/genericons.css?ver=20201208' media='all' /> <link rel='stylesheet' id='twentysixteen-style-css' href='https://www.masteringperl.org/wp-content/themes/twentysixteen/style.css?ver=20201208' media='all' /> <link rel='stylesheet' id='twentysixteen-block-style-css' href='https://www.masteringperl.org/wp-content/themes/twentysixteen/css/blocks.css?ver=20190102' media='all' />     <script src='https://www.masteringperl.org/wp-includes/js/jquery/jquery.min.js?ver=3.6.0' id='jquery-core-js'></script> <script src='https://www.masteringperl.org/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2' id='jquery-migrate-js'></script> <link rel="https://api.w.org/" href="https://www.masteringperl.org/wp-json/" /><link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://www.masteringperl.org/xmlrpc.php?rsd" /> <link rel="wlwmanifest" type="application/wlwmanifest+xml" href="https://www.masteringperl.org/wp-includes/wlwmanifest.xml" /> <meta name="generator" content="WordPress 5.8.3" /> <link type="text/css" rel="stylesheet" href="/wp-content/plugins/syntax-highlighter-and-code-prettifier/styles/shCore.css" /> <link type="text/css" rel="stylesheet" href="/wp-content/plugins/syntax-highlighter-and-code-prettifier/styles/shThemeDefault.css" /> <script type="text/javascript" src="/wp-content/plugins/syntax-highlighter-and-code-prettifier/scripts/shCore.js"></script> <script async type="text/javascript" src="/wp-content/plugins/syntax-highlighter-and-code-prettifier/scripts/shBrushBash.js"></script> <script async type="text/javascript" src="/wp-content/plugins/syntax-highlighter-and-code-prettifier/scripts/shBrushCpp.js"></script> <script async type="text/javascript" src="/wp-content/plugins/syntax-highlighter-and-code-prettifier/scripts/shBrushCSharp.js"></script> <script async type="text/javascript" src="/wp-content/plugins/syntax-highlighter-and-code-prettifier/scripts/shBrushCss.js"></script> <script async type="text/javascript" src="/wp-content/plugins/syntax-highlighter-and-code-prettifier/scripts/shBrushDelphi.js"></script> <script async type="text/javascript" src="/wp-content/plugins/syntax-highlighter-and-code-prettifier/scripts/shBrushDiff.js"></script> <script async type="text/javascript" src="/wp-content/plugins/syntax-highlighter-and-code-prettifier/scripts/shBrushGroovy.js"></script> <script async type="text/javascript" src="/wp-content/plugins/syntax-highlighter-and-code-prettifier/scripts/shBrushJava.js"></script> <script async type="text/javascript" src="/wp-content/plugins/syntax-highlighter-and-code-prettifier/scripts/shBrushJScript.js"></script> <script async type="text/javascript" src="/wp-content/plugins/syntax-highlighter-and-code-prettifier/scripts/shBrushPerl.js"></script> <script async type="text/javascript" src="/wp-content/plugins/syntax-highlighter-and-code-prettifier/scripts/shBrushPhp.js"></script> <script async type="text/javascript" src="/wp-content/plugins/syntax-highlighter-and-code-prettifier/scripts/shBrushPlain.js"></script> <script async type="text/javascript" src="/wp-content/plugins/syntax-highlighter-and-code-prettifier/scripts/shBrushPython.js"></script> <script async type="text/javascript" src="/wp-content/plugins/syntax-highlighter-and-code-prettifier/scripts/shBrushRuby.js"></script> <script async type="text/javascript" src="/wp-content/plugins/syntax-highlighter-and-code-prettifier/scripts/shBrushScala.js"></script> <script async type="text/javascript" src="/wp-content/plugins/syntax-highlighter-and-code-prettifier/scripts/shBrushSql.js"></script> <script async type="text/javascript" src="/wp-content/plugins/syntax-highlighter-and-code-prettifier/scripts/shBrushVb.js"></script> <script async type="text/javascript" src="/wp-content/plugins/syntax-highlighter-and-code-prettifier/scripts/shBrushXml.js"></script> <script type="text/javascript"> SyntaxHighlighter.config.clipboardSwf = '/wp-content/plugins/syntax-highlighter-and-code-prettifier/scripts/clipboard.swf'; SyntaxHighlighter.all(); </script>  <meta name="twitter:card" content="summary" /> <meta name="twitter:site" content="@briandfoy_perl" /> <meta name="twitter:creator" content="@briandfoy_perl" /> <meta name="twitter:url" content="https://www.masteringperl.org" /> <meta name="twitter:title" content="Mastering Perl" /> <meta name="twitter:description" content="Mastering Perl" /> <meta name="twitter:image" content="http://www.masteringperl.org/images/vicunas-180.jpg" />  </head> <body class="home blog wp-embed-responsive hfeed"> <div id="page" class="site"> <div class="site-inner"> <a class="skip-link screen-reader-text" href="#content">Skip to content</a> <header id="masthead" class="site-header"> <div class="site-header-main"> <div class="site-branding"> <h1 class="site-title"><a href="https://www.masteringperl.org/" rel="home">Mastering Perl</a></h1> </div> <button id="menu-toggle" class="menu-toggle">Menu</button> <div id="site-header-menu" class="site-header-menu"> <nav id="site-navigation" class="main-navigation" aria-label="Primary Menu"> <div class="menu-menu-container"><ul id="menu-menu" class="primary-menu"><li id="menu-item-397" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-397"><a href="https://www.masteringperl.org/reviews/">Reviews</a></li> <li id="menu-item-398" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-398"><a href="https://www.masteringperl.org/new-in-2e/">New in 2e</a></li> <li id="menu-item-399" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-399"><a href="https://www.masteringperl.org/downloads_page/">Downloads</a></li> </ul></div> </nav> </div> </div> </header> <div id="content" class="site-content"> <div id="primary" class="content-area"> <main id="main" class="site-main"> <article id="post-393" class="post-393 post type-post status-publish format-standard hentry category-secure-programming-techniques tag-bash"> <header class="entry-header"> <h2 class="entry-title"><a href="https://www.masteringperl.org/2020/03/are-those-command-line-arguments-safe/" rel="bookmark">Are those command-line arguments safe?</a></h2> </header> <div class="entry-content"> <p>Are those arguments safe? For this, I’m using <i>bash</i>, but the example I show has the same problem in <i>csh</i> and <i>zsh</i>. I’ve known about this for a long time because I’d show off in Perl classes by creating weird filenames with special or weird characters. This stuff didn’t show up in the “Secure Programming Techniques” chapter, but it’s been on my to-do list for a long time.</p> <p> <a href="https://www.masteringperl.org/2020/03/are-those-command-line-arguments-safe/#more-393" class="more-link">Continue reading<span class="screen-reader-text"> “Are those command-line arguments safe?”</span></a></p> </div> <footer class="entry-footer"> <span class="byline"><span class="author vcard"><img alt='' src='https://secure.gravatar.com/avatar/edd8638efe875601bfe394a8aea5b16d?s=49&d=mm&r=g' srcset='https://secure.gravatar.com/avatar/edd8638efe875601bfe394a8aea5b16d?s=98&d=mm&r=g 2x' class='avatar avatar-49 photo' height='49' width='49' loading='lazy'/><span class="screen-reader-text">Author </span> <a class="url fn n" href="https://www.masteringperl.org/author/brian/">brian d foy</a></span></span><span class="posted-on"><span class="screen-reader-text">Posted on </span><a href="https://www.masteringperl.org/2020/03/are-those-command-line-arguments-safe/" rel="bookmark"><time class="entry-date published" datetime="2020-03-16T17:21:52+00:00">March 16, 2020</time><time class="updated" datetime="2022-05-13T06:27:16+00:00">May 13, 2022</time></a></span><span class="cat-links"><span class="screen-reader-text">Categories </span><a href="https://www.masteringperl.org/category/chapters/secure-programming-techniques/" rel="category tag">Secure Programming Techniques</a></span><span class="tags-links"><span class="screen-reader-text">Tags </span><a href="https://www.masteringperl.org/tag/bash/" rel="tag">bash</a></span> </footer> </article> <article id="post-382" class="post-382 post type-post status-publish format-standard hentry category-secure-programming-techniques"> <header class="entry-header"> <h2 class="entry-title"><a href="https://www.masteringperl.org/2020/01/yaml-modules-get-some-security-fixes/" rel="bookmark">YAML modules get some security fixes</a></h2> </header> <div class="entry-content"> <p>Update your YAML modules to change the default behavior to not bless data structures. But, test your code to ensure that you don’t depend on that feature or break a bunch of things through the upgrade. If you depend on the old default behavior, you can to set a variable to enable the old behavior. The <a href="http://blogs.perl.org/users/tinita/2020/01/making-yamlpm-yamlsyck-and-yamlxs-safer-by-default.html">original announcement</a> has more details.</p> <p>Previously I’ve written about Perl’s <a href="/2012/12/the-storable-security-problem/">Storable security problem</a>. In short, inflating a serialized object could load an arbitrary class and potentially run damaging and unintended code. <a href="https://yaml.org/spec/">YAML</a> also has a way to inflate data into class and can have the same problems.</p> <p>Here’s a program to convert a Mojo::URL object to YAML:</p> <pre class="brush:perl">use v5.10; use Mojo::URL; use YAML; my $url = Mojo::URL->new( 'http://www.example.com' ); say Dump( $url ); </pre> <p>The YAML includes a the type of “object” it is, which is basically a blessed Perl reference. Unserializable things, such as filehandes or code references, will have problems. Otherwise, it’s straightforward:</p> <pre class="brush:plain">--- !!perl/hash:Mojo::URL host: www.example.com path: !!perl/hash:Mojo::Path charset: UTF-8 leading_slash: '' parts: [] trailing_slash: '' scheme: http </pre> <p>Now reverse that. This program starts with the YAML text (in an <a href="https://www.effectiveperlprogramming.com/2016/12/strip-leading-spaces-from-here-docs-with-v5-26/">indented here doc</a>) and loads it. Notice that I did not load the <code>Mojo::URL</code> module but I end up with a blessed reference. This uses YAML 1.29 (because a later version will do it differently):</p> <pre class="brush:perl">use v5.26; use YAML qw(Load); # This is v1.29 my $string = <<~"HERE"; --- !!perl/hash:Mojo::URL host: www.example.com path: !!perl/hash:Mojo::Path charset: UTF-8 leading_slash: '' parts: [] trailing_slash: '' scheme: http HERE my $data = Load( $string ); say 'Version: ', YAML->VERSION; say Dumper( $data ); use Data::Dumper; </pre> <p>With an older YAML, I get a Mojo::URL object back, <i>even though<br /> I haven’t loaded that module</i>:</p> <pre class="brush:perl">Version: 1.29 $VAR1 = bless( { 'scheme' => 'http', 'host' => 'www.example.com', 'path' => bless( { 'charset' => 'UTF-8', 'leading_slash' => '', 'parts' => [], 'trailing_slash' => '' }, 'Mojo::Path' ) }, 'Mojo::URL' ); </pre> <p>The rest of the attack is the same as that for Storable. If I know ahead of time that the <code>DESTROY</code> method will do something, I can construct the serialization of that object to get it to act on my data. With <code>File::Temp</code>, I can get it to try to remove files.</p> <p>This feature was reported as a bug in <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862373">Debian #862373 </a>, and then as a <a href="https://github.com/ingydotnet/yaml-pm/issues/176">GitHub issue for the YAML module</a>.</p> <p>With YAML 1.30 (released on January 28, 2020) changes this behavior. Previously (back several versions) it blessed inflated objects by default. Now I get back a simple, non-blessed hash:</p> <pre class="brush:plain">Version: 1.30 $VAR1 = { 'path' => { 'trailing_slash' => '', 'leading_slash' => '', 'charset' => 'UTF-8', 'parts' => [] }, 'scheme' => 'http', 'host' => 'www.example.com' }; </pre> <p>I can set <code>$YAML::LoadBlessed</code> to a true value to get the old behavior. I don’t really want to set a global variable because I don’t know what else I’ll mess up far away in the program. I can do it in a block with <code>local</code> to limit the damage:</p> <pre class="brush:perl">#!perl use v5.26; use YAML qw(Load); my $string = <<~"HERE"; --- !!perl/hash:Mojo::URL host: www.example.com path: !!perl/hash:Mojo::Path charset: UTF-8 leading_slash: '' parts: [] trailing_slash: '' scheme: http HERE my $url = do { local $YAML::LoadBlessed = 1; Load( $string ); }; say Dumper( $url ); use Data::Dumper; </pre> </div> <footer class="entry-footer"> <span class="byline"><span class="author vcard"><img alt='' src='https://secure.gravatar.com/avatar/edd8638efe875601bfe394a8aea5b16d?s=49&d=mm&r=g' srcset='https://secure.gravatar.com/avatar/edd8638efe875601bfe394a8aea5b16d?s=98&d=mm&r=g 2x' class='avatar avatar-49 photo' height='49' width='49' loading='lazy'/><span class="screen-reader-text">Author </span> <a class="url fn n" href="https://www.masteringperl.org/author/brian/">brian d foy</a></span></span><span class="posted-on"><span class="screen-reader-text">Posted on </span><a href="https://www.masteringperl.org/2020/01/yaml-modules-get-some-security-fixes/" rel="bookmark"><time class="entry-date published" datetime="2020-01-29T15:47:44+00:00">January 29, 2020</time><time class="updated" datetime="2022-05-13T06:27:16+00:00">May 13, 2022</time></a></span><span class="cat-links"><span class="screen-reader-text">Categories </span><a href="https://www.masteringperl.org/category/chapters/secure-programming-techniques/" rel="category tag">Secure Programming Techniques</a></span> </footer> </article> <article id="post-363" class="post-363 post type-post status-publish format-standard hentry category-secure-programming-techniques"> <header class="entry-header"> <h2 class="entry-title"><a href="https://www.masteringperl.org/2020/01/the-inadequacy-of-removing-from-inc/" rel="bookmark">The inadequacy of removing . from @INC</a></h2> </header> <div class="entry-content"> <p>Perl’s <code>@INC</code> might find code that you don’t want. That array is list of directories that <code>use</code>, <code>require</code>, and <code>do</code> search to find modules and libraries. By default, the last entry is <code>.</code>, which represents the current working directory.</p> <p>J.D. Lightsey and Todd Rinaldo from <a href="http://www.cpanel.com">cPanel</a> (a top-shelf <a href="http://www.perlfoundation.org/perl_5_core_maintenance_fund">Perl Foundation Core Maintenance Fund</a> sponsor) first reported the issue as <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1238">CVE-2016-1238</a>. If someone puts a module in the current working directory, they don’t have to modify <code>@INC</code> to load it. However, this also means that someone else might put a module in the current working directory, and, in the case that it’s not already installed somewhere else in <code>@INC</code>, the application loads that one. If you’re running from a shared directory, this might affect you. You don’t even need to use the module in some cases as other modules might helpfully try to use it for you, as in a plugin or <a href="https://www.masteringperl.org/2012/12/the-storable-security-problem/">Storable’s object inflation bug</a>.</p> <p>This could be a problem; It could also not be a problem. However, Perls v5.22.3 and v5.24.1 (not yet released as I write this), modify several modules and programs in the <b>perl</b> source tree to remove the dot from <code>@INC</code>.</p> <p>These patches don’t actually solve the entire issue, but they are a good start. They solve a very small corner issue. It’s similar to the parts of <i>Mastering Perl</i> that cover taint checking and the directories in the <code>PATH</code> environment variable. A small fix doesn’t magically protect us from everything else that impacts the issue. We still have to think through the problem based on everything else that is going on.</p> <p>Consider the patch to my module App::Cpan. I loaded some modules conditionally:</p> <pre class="brush:perl">my $log4perl_loaded = eval "require Log::Log4perl; 1"; </pre> <p><a href="https://github.com/andk/cpanpm/commit/394ac06dc5e9e94a81c39c43135d1635f516422e">A patch</a> to fix this <code>@INC</code> problem creates a subroutine that “safely” loads a module:</p> <pre class="brush:perl">sub _safe_load_module { my $name = shift; local @INC = @INC; pop @INC if $INC[-1] eq '.'; eval "require $name; 1"; } </pre> <p>This wraps my previous calls:</p> <pre class="brush:perl">_safe_load_module("Log::Log4perl"); </pre> <p>But, there are many problems with this way of doing things. If the problem is loading modules from directories writeable by other users, why would you limit yourself to looking at a single entry in <code>@INC</code> and only removing it if it has a hard-coded entry in only the last position?</p> <p>I disagree that this is merely a program issue. It’s a risk of using a multi-user computer with every utility, application, or programming language. It’s a consequence of the way things work in these systems. This means the system provides ways, <i>by design</i>, to circumvent this very limited protection.</p> <p>If this is truly a problem, we should examine every entry to <code>@INC</code> to check permissions. Most of the entries are unlikely to be writeable by other users since they are likely owned by a superuser (or other elevated-priveleges account).</p> <p>Should perl track a list of trusted users? Some of the directories might be group writeable. I maintain some systems where many people are able to affect system directories. I typically have a <i>perl</i> group for the people allowed to administer the perl installations. Am I going to trust all of those? I think I trust them, but what if someone changed the group to add a user that I don’t trust?</p> <p>What if one of the entries is a symlink? Maybe someone futzed with the filesytem so that one of the system directories points to a directory that we shouldn’t trust?</p> <p>Now, suppose we have a foolproof way to check that everything about a directory is acceptable. Between the time we do that and the time we try to load the module, does that situation change? Do we need to lock everything?</p> <p>So, there’s all of that. Some filesystems make it so that we can’t trust anything in <code>@INC</code>.</p> <p>But, let’s look at the fix a bit more. There are several statements in <code>_safe_load_module</code>. If I can load a perl debugger here (and there are many ways to do that), I get a chance to run arbitrary code after each statement. After you change <code>@INC</code> I can change it right back. But, I don’t need to change it back. I can append an entry so <code>.</code> is not the last one. Or, what if I had already appended to <code>@INC</code> in such a way that there were two entries for the current directory? Did you know that you can have a code reference in <code>@INC</code>?</p> <p>I don’t even have to trick you into loading a module you don’t know about. If you’re using CPAN, you’re taking far more risk than loading modules from a writeable directory. How many of you actually review the code in the modules you use? I like Mojolicious, I trust it, and I’ve read a lot of the code, but I haven’t read all of it. When I upgrade, I don’t review the code changes.</p> <p>What if they decide to play around with <code>@INC</code>? Every time I install a module from CPAN I take the slight risk that someone has tricked me into installing malicious code, the slightly greater risk of installing exploitable code, and the certainty of installing buggy code.</p> <p>There are some many ways to get to the same effect that deciding to not trust one particular string in one particular position ignores the actual problem. Maybe someone feels safer, but that plays into the hands of the malicious people who know what they are doing and realize this patch won’t stop them.</p> <p>The removal of <code>.</code> is a small, but good step to the much larger problem. We still need to consider what we allow.</p> </div> <footer class="entry-footer"> <span class="byline"><span class="author vcard"><img alt='' src='https://secure.gravatar.com/avatar/edd8638efe875601bfe394a8aea5b16d?s=49&d=mm&r=g' srcset='https://secure.gravatar.com/avatar/edd8638efe875601bfe394a8aea5b16d?s=98&d=mm&r=g 2x' class='avatar avatar-49 photo' height='49' width='49' loading='lazy'/><span class="screen-reader-text">Author </span> <a class="url fn n" href="https://www.masteringperl.org/author/brian/">brian d foy</a></span></span><span class="posted-on"><span class="screen-reader-text">Posted on </span><a href="https://www.masteringperl.org/2020/01/the-inadequacy-of-removing-from-inc/" rel="bookmark"><time class="entry-date published" datetime="2020-01-29T12:59:24+00:00">January 29, 2020</time><time class="updated" datetime="2022-05-13T06:27:16+00:00">May 13, 2022</time></a></span><span class="cat-links"><span class="screen-reader-text">Categories </span><a href="https://www.masteringperl.org/category/chapters/secure-programming-techniques/" rel="category tag">Secure Programming Techniques</a></span> </footer> </article> <article id="post-374" class="post-374 post type-post status-publish format-standard hentry category-commerce"> <header class="entry-header"> <h2 class="entry-title"><a href="https://www.masteringperl.org/2019/01/free-in-safari-online/" rel="bookmark">Read Mastering Perl for free in Safari Online</a></h2> </header> <div class="entry-content"> <p>It seems that the whole of <i>Mastering Perl</i> is <a href="https://www.oreilly.com/library/view/mastering-perl/9780596527242/">available online for free</a> through O’Reilly’s Safari service. I don’t even need to log in to see it. Sometimes Safari Online lets you see previews of books, but this is the whole thing. I’m not particularly concerned about that, but it was unexpected. If this is a fluke and doesn’t work for you (or disappears much later) let me know.</p> <div class="image center"> <div> <img src="/images/mastering-perl-safari-free.png"/></div> </div> <p> <a href="https://www.masteringperl.org/2019/01/free-in-safari-online/#more-374" class="more-link">Continue reading<span class="screen-reader-text"> “Read Mastering Perl for free in Safari Online”</span></a></p> </div> <footer class="entry-footer"> <span class="byline"><span class="author vcard"><img alt='' src='https://secure.gravatar.com/avatar/edd8638efe875601bfe394a8aea5b16d?s=49&d=mm&r=g' srcset='https://secure.gravatar.com/avatar/edd8638efe875601bfe394a8aea5b16d?s=98&d=mm&r=g 2x' class='avatar avatar-49 photo' height='49' width='49' loading='lazy'/><span class="screen-reader-text">Author </span> <a class="url fn n" href="https://www.masteringperl.org/author/brian/">brian d foy</a></span></span><span class="posted-on"><span class="screen-reader-text">Posted on </span><a href="https://www.masteringperl.org/2019/01/free-in-safari-online/" rel="bookmark"><time class="entry-date published" datetime="2019-01-14T12:04:06+00:00">January 14, 2019</time><time class="updated" datetime="2022-05-13T06:27:16+00:00">May 13, 2022</time></a></span><span class="cat-links"><span class="screen-reader-text">Categories </span><a href="https://www.masteringperl.org/category/commerce/" rel="category tag">Commerce</a></span> </footer> </article> <article id="post-367" class="post-367 post type-post status-publish format-standard hentry category-benchmarking tag-fibonacci tag-python"> <header class="entry-header"> <h2 class="entry-title"><a href="https://www.masteringperl.org/2018/08/benchmarking-the-non-iterative-closed-form-solution-for-fibonacci-numbers/" rel="bookmark">Benchmarking the non-iterative, closed-form solution for Fibonacci numbers</a></h2> </header> <div class="entry-content"> <p>Paul Hankin came up with <a href="https://blog.paulhankin.net/fibonacci/">a formula to calculate a Fibonacci numbers</a> without recursively (or iteratively) generating prior ones. Don’t get too excited: his non-iterative, closed-form solution in <i>O(n虏)</i>. That means it’s slow when <i>n</i> is big. I was curious how well this would do in Perl. It’s very fast in Python and dog slow in Perl. </p> <p><center><br /> <span><font size="5">馃悋馃悋馃悋馃悋馃悋</font></span><br /> </center></p> <p> <a href="https://www.masteringperl.org/2018/08/benchmarking-the-non-iterative-closed-form-solution-for-fibonacci-numbers/#more-367" class="more-link">Continue reading<span class="screen-reader-text"> “Benchmarking the non-iterative, closed-form solution for Fibonacci numbers”</span></a></p> </div> <footer class="entry-footer"> <span class="byline"><span class="author vcard"><img alt='' src='https://secure.gravatar.com/avatar/edd8638efe875601bfe394a8aea5b16d?s=49&d=mm&r=g' srcset='https://secure.gravatar.com/avatar/edd8638efe875601bfe394a8aea5b16d?s=98&d=mm&r=g 2x' class='avatar avatar-49 photo' height='49' width='49' loading='lazy'/><span class="screen-reader-text">Author </span> <a class="url fn n" href="https://www.masteringperl.org/author/brian/">brian d foy</a></span></span><span class="posted-on"><span class="screen-reader-text">Posted on </span><a href="https://www.masteringperl.org/2018/08/benchmarking-the-non-iterative-closed-form-solution-for-fibonacci-numbers/" rel="bookmark"><time class="entry-date published" datetime="2018-08-17T03:57:27+00:00">August 17, 2018</time><time class="updated" datetime="2022-05-13T06:27:16+00:00">May 13, 2022</time></a></span><span class="cat-links"><span class="screen-reader-text">Categories </span><a href="https://www.masteringperl.org/category/chapters/benchmarking/" rel="category tag">Benchmarking</a></span><span class="tags-links"><span class="screen-reader-text">Tags </span><a href="https://www.masteringperl.org/tag/fibonacci/" rel="tag">fibonacci</a>, <a href="https://www.masteringperl.org/tag/python/" rel="tag">python</a></span><span class="comments-link"><a href="https://www.masteringperl.org/2018/08/benchmarking-the-non-iterative-closed-form-solution-for-fibonacci-numbers/#comments">3 Comments<span class="screen-reader-text"> on Benchmarking the non-iterative, closed-form solution for Fibonacci numbers</span></a></span> </footer> </article> <article id="post-365" class="post-365 post type-post status-publish format-standard hentry category-secure-programming-techniques"> <header class="entry-header"> <h2 class="entry-title"><a href="https://www.masteringperl.org/2017/01/perl-v5-26-removes-from-inc-but-dont-think-youre-safe/" rel="bookmark">Perl v5.26 removes . from @INC, but don’t think you’re safe!</a></h2> </header> <div class="entry-content"> <p>Perl’s <code>@INC</code> might find code that you don’t want. That array is list of directories that <code>use</code>, <code>require</code>, and <code>do</code> search to find modules and libraries. By default, the last entry has been <code>.</code>, which represents the current working directory. That’s not a real directory; it’s a pointer to a directory you’ll discover later. There’s a fix for one consequence of this problem, but there are still issues of trust. That’s security鈥攖here are always more problems.</p> <div class="image center"> <div> <a href="https://www.flickr.com/photos/drbillydude/13902515516/in/photolist-nbw2vo-7J2bn8-9Vjqcr-zWyUK-qFb26F-9xHbDH-zy2Ap-f4fJkv-zy2oA-bmZAHq-9kt6t-dYxmht-7tVnAg-6A4zNi-zy2zY-4xj3eQ-r5Fony-bywvHa-6A8vsY-q8jUK4-yBVFK-52waFg-4vbvto-An7Gbp-DnAzV-q6eLUN-5bttnd-fQuuBQ-aaSz5L-s7RVd-vAy9Ta-9xLcK5-7Aa8mF-a6WEyb-gbo6HK-fLqZDG-Pa69T-2UdMeZ-8G7nHA-6gmkzu-oks8W-8kgD1m-ajym6B-fafPCY-Gh8V7-zy2nb-doacak-oks16-5TvtQw-2vnSuf" title="Locks"><img loading="lazy" src="https://c5.staticflickr.com/8/7113/13902515516_f267192df8.jpg" width="500" height="333" alt="Locks"/></a></p> <p>“Locks”, by Chilanga Cement on Flickr.</p> </div> </div> <p> <a href="https://www.masteringperl.org/2017/01/perl-v5-26-removes-from-inc-but-dont-think-youre-safe/#more-365" class="more-link">Continue reading<span class="screen-reader-text"> “Perl v5.26 removes . from @INC, but don’t think you’re safe!”</span></a></p> </div> <footer class="entry-footer"> <span class="byline"><span class="author vcard"><img alt='' src='https://secure.gravatar.com/avatar/edd8638efe875601bfe394a8aea5b16d?s=49&d=mm&r=g' srcset='https://secure.gravatar.com/avatar/edd8638efe875601bfe394a8aea5b16d?s=98&d=mm&r=g 2x' class='avatar avatar-49 photo' height='49' width='49' loading='lazy'/><span class="screen-reader-text">Author </span> <a class="url fn n" href="https://www.masteringperl.org/author/brian/">brian d foy</a></span></span><span class="posted-on"><span class="screen-reader-text">Posted on </span><a href="https://www.masteringperl.org/2017/01/perl-v5-26-removes-from-inc-but-dont-think-youre-safe/" rel="bookmark"><time class="entry-date published" datetime="2017-01-03T19:15:33+00:00">January 3, 2017</time><time class="updated" datetime="2022-05-13T06:27:16+00:00">May 13, 2022</time></a></span><span class="cat-links"><span class="screen-reader-text">Categories </span><a href="https://www.masteringperl.org/category/chapters/secure-programming-techniques/" rel="category tag">Secure Programming Techniques</a></span> </footer> </article> <article id="post-351" class="post-351 post type-post status-publish format-standard hentry category-configuration category-modulinos"> <header class="entry-header"> <h2 class="entry-title"><a href="https://www.masteringperl.org/2015/12/ive-found-over-200-excellent-numbers/" rel="bookmark">I’ve found over 200 excellent numbers</a></h2> </header> <div class="entry-content"> <p>Although Perl is no longer finding the <a href="https://www.masteringperl.org/tag/excellent-numbers/">excellent numbers</a>, it’s still a big part of my process. Perl ran out of steam a long time ago, but it’s still managing everything.</p> <p>I could do big numbers through the <a href="http://www.metacpan.org/module/Math::GMP">Math::GMP</a> module, the time to convert between Perl data structures and GMP data structures kills performance. But, I don’t need Perl for that part. I switched to <a href="https://github.com/briandfoy/excellent_numbers/blob/master/c/excellent-gmp.c">a pure C program</a> for the number crunching part. That does make me appreciate Perl a little more as I do really common things with a lot of typing in C.<br /> <a href="https://www.masteringperl.org/2015/12/ive-found-over-200-excellent-numbers/#more-351" class="more-link">Continue reading<span class="screen-reader-text"> “I’ve found over 200 excellent numbers”</span></a></p> </div> <footer class="entry-footer"> <span class="byline"><span class="author vcard"><img alt='' src='https://secure.gravatar.com/avatar/edd8638efe875601bfe394a8aea5b16d?s=49&d=mm&r=g' srcset='https://secure.gravatar.com/avatar/edd8638efe875601bfe394a8aea5b16d?s=98&d=mm&r=g 2x' class='avatar avatar-49 photo' height='49' width='49' loading='lazy'/><span class="screen-reader-text">Author </span> <a class="url fn n" href="https://www.masteringperl.org/author/brian/">brian d foy</a></span></span><span class="posted-on"><span class="screen-reader-text">Posted on </span><a href="https://www.masteringperl.org/2015/12/ive-found-over-200-excellent-numbers/" rel="bookmark"><time class="entry-date published" datetime="2015-12-29T23:57:10+00:00">December 29, 2015</time><time class="updated" datetime="2022-05-13T06:27:16+00:00">May 13, 2022</time></a></span><span class="cat-links"><span class="screen-reader-text">Categories </span><a href="https://www.masteringperl.org/category/chapters/configuration/" rel="category tag">Configuration</a>, <a href="https://www.masteringperl.org/category/chapters/modulinos/" rel="category tag">Modulinos</a></span> </footer> </article> <article id="post-348" class="post-348 post type-post status-publish format-standard hentry category-uncategorized tag-excellent-numbers"> <header class="entry-header"> <h2 class="entry-title"><a href="https://www.masteringperl.org/2015/10/some-interesting-patterns-in-excellent-numbers/" rel="bookmark">Some interesting patterns in excellent numbers</a></h2> </header> <div class="entry-content"> <p>I’ve noticed some curious patterns in <a href="https://www.masteringperl.org/tag/excellent-numbers/">excellent numbers</a>. This relates to the Perl stuff I wrote about earlier, but this post isn’t about the Perl.</p> <p>Ignoring the spaces which I use to show the pattern, each of these numbers are excellent. The pattern pivots on a 4 which can have zero or more 3s on the left side and the same number of 6s on the right side. End it all with an 8. The right half is twice the left half. I conjecture that every series of excellent numbers of a particular length has such a number. I’ll figure out the proof later: <a href="https://www.masteringperl.org/2015/10/some-interesting-patterns-in-excellent-numbers/#more-348" class="more-link">Continue reading<span class="screen-reader-text"> “Some interesting patterns in excellent numbers”</span></a></p> </div> <footer class="entry-footer"> <span class="byline"><span class="author vcard"><img alt='' src='https://secure.gravatar.com/avatar/edd8638efe875601bfe394a8aea5b16d?s=49&d=mm&r=g' srcset='https://secure.gravatar.com/avatar/edd8638efe875601bfe394a8aea5b16d?s=98&d=mm&r=g 2x' class='avatar avatar-49 photo' height='49' width='49' loading='lazy'/><span class="screen-reader-text">Author </span> <a class="url fn n" href="https://www.masteringperl.org/author/brian/">brian d foy</a></span></span><span class="posted-on"><span class="screen-reader-text">Posted on </span><a href="https://www.masteringperl.org/2015/10/some-interesting-patterns-in-excellent-numbers/" rel="bookmark"><time class="entry-date published" datetime="2015-10-13T04:35:13+00:00">October 13, 2015</time><time class="updated" datetime="2022-05-13T06:27:16+00:00">May 13, 2022</time></a></span><span class="cat-links"><span class="screen-reader-text">Categories </span><a href="https://www.masteringperl.org/category/uncategorized/" rel="category tag">Uncategorized</a></span><span class="tags-links"><span class="screen-reader-text">Tags </span><a href="https://www.masteringperl.org/tag/excellent-numbers/" rel="tag">excellent numbers</a></span> </footer> </article> <article id="post-335" class="post-335 post type-post status-publish format-standard hentry category-benchmarking tag-excellent-numbers"> <header class="entry-header"> <h2 class="entry-title"><a href="https://www.masteringperl.org/2015/10/doing-less-work-to-compute-excellent-numbers/" rel="bookmark">Doing less work to compute excellent numbers</a></h2> </header> <div class="entry-content"> <p>When I last looked at <a href="/2015/05/computing-excellent-numbers/">excellent numbers</a>, I knew there was more work I could do to optimize what I was doing. In particular, I knew there was some upper limit to the range of numbers I had to check. I didn’t take the time to think about until today. I had a brief foray into other languages, such as <a href="http://stackoverflow.com/questions/30447286/how-can-i-improve-the-performance-of-my-julia-program-for-excellent-numbers">my attempt with Julia</a>, as I ran out of time to think about it. <a href="https://www.masteringperl.org/2015/10/doing-less-work-to-compute-excellent-numbers/#more-335" class="more-link">Continue reading<span class="screen-reader-text"> “Doing less work to compute excellent numbers”</span></a></p> </div> <footer class="entry-footer"> <span class="byline"><span class="author vcard"><img alt='' src='https://secure.gravatar.com/avatar/edd8638efe875601bfe394a8aea5b16d?s=49&d=mm&r=g' srcset='https://secure.gravatar.com/avatar/edd8638efe875601bfe394a8aea5b16d?s=98&d=mm&r=g 2x' class='avatar avatar-49 photo' height='49' width='49' loading='lazy'/><span class="screen-reader-text">Author </span> <a class="url fn n" href="https://www.masteringperl.org/author/brian/">brian d foy</a></span></span><span class="posted-on"><span class="screen-reader-text">Posted on </span><a href="https://www.masteringperl.org/2015/10/doing-less-work-to-compute-excellent-numbers/" rel="bookmark"><time class="entry-date published" datetime="2015-10-03T03:44:58+00:00">October 3, 2015</time><time class="updated" datetime="2022-05-13T06:27:16+00:00">May 13, 2022</time></a></span><span class="cat-links"><span class="screen-reader-text">Categories </span><a href="https://www.masteringperl.org/category/chapters/benchmarking/" rel="category tag">Benchmarking</a></span><span class="tags-links"><span class="screen-reader-text">Tags </span><a href="https://www.masteringperl.org/tag/excellent-numbers/" rel="tag">excellent numbers</a></span> </footer> </article> <article id="post-332" class="post-332 post type-post status-publish format-standard hentry category-philosophy"> <header class="entry-header"> <h2 class="entry-title"><a href="https://www.masteringperl.org/2015/05/the-revolution-hasnt-happened/" rel="bookmark">The revolution hasn’t happened</a></h2> </header> <div class="entry-content"> <p>Alan Kay says the computer revolution hasn’t happened. Here’s a talk he gave at OOPLSA in 1997. He has gems such as “I made up the term object-oriented, and I can tell you I did not have C++ in mind.” <a href="https://www.masteringperl.org/2015/05/the-revolution-hasnt-happened/#more-332" class="more-link">Continue reading<span class="screen-reader-text"> “The revolution hasn’t happened”</span></a></p> </div> <footer class="entry-footer"> <span class="byline"><span class="author vcard"><img alt='' src='https://secure.gravatar.com/avatar/edd8638efe875601bfe394a8aea5b16d?s=49&d=mm&r=g' srcset='https://secure.gravatar.com/avatar/edd8638efe875601bfe394a8aea5b16d?s=98&d=mm&r=g 2x' class='avatar avatar-49 photo' height='49' width='49' loading='lazy'/><span class="screen-reader-text">Author </span> <a class="url fn n" href="https://www.masteringperl.org/author/brian/">brian d foy</a></span></span><span class="posted-on"><span class="screen-reader-text">Posted on </span><a href="https://www.masteringperl.org/2015/05/the-revolution-hasnt-happened/" rel="bookmark"><time class="entry-date published" datetime="2015-05-26T01:21:56+00:00">May 26, 2015</time><time class="updated" datetime="2022-05-13T06:27:16+00:00">May 13, 2022</time></a></span><span class="cat-links"><span class="screen-reader-text">Categories </span><a href="https://www.masteringperl.org/category/philosophy/" rel="category tag">Philosophy</a></span><span class="comments-link"><a href="https://www.masteringperl.org/2015/05/the-revolution-hasnt-happened/#comments">5 Comments<span class="screen-reader-text"> on The revolution hasn’t happened</span></a></span> </footer> </article> <nav class="navigation pagination" role="navigation" aria-label="Posts"> <h2 class="screen-reader-text">Posts navigation</h2> <div class="nav-links"><span aria-current="page" class="page-numbers current"><span class="meta-nav screen-reader-text">Page </span>1</span> <a class="page-numbers" href="https://www.masteringperl.org/page/2/"><span class="meta-nav screen-reader-text">Page </span>2</a> <span class="page-numbers dots">…</span> <a class="page-numbers" href="https://www.masteringperl.org/page/6/"><span class="meta-nav screen-reader-text">Page </span>6</a> <a class="next page-numbers" href="https://www.masteringperl.org/page/2/">Next page</a></div> </nav> </main> </div> <aside id="secondary" class="sidebar widget-area"> <section id="text-8" class="widget widget_text"> <div class="textwidget"><div id="book_picture" align="center"> <a href="https://amzn.to/3daH1xn"><img src="/images/vicunas-180.jpg" width="180" height="236"></a> </div> <br/> <div id="donate" align="center"> <script async type="text/javascript" id='fbnufur'>(function(i){var f,s=document.getElementById(i);f=document.createElement('iframe');f.src='//button.flattr.com/view/?uid=briandfoy&button=compact&url='+encodeURIComponent(document.URL);f.title='Flattr';f.height=20;f.width=110;f.style.borderWidth=0;s.parentNode.insertBefore(f,s);})('fbnufur');</script> <br/> <form action="https://www.paypal.com/cgi-bin/webscr" method="post"> <input type="hidden" name="cmd" value="_s-xclick" /> <input type="hidden" name="hosted_button_id" value="11077925" /> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_SM.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!" /> <img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1" /> </form> </div> <br /> </div> </section> <section id="recent-posts-4" class="widget widget_recent_entries"> <h2 class="widget-title">Latest items</h2><nav role="navigation" aria-label="Latest items"> <ul> <li> <a href="https://www.masteringperl.org/2020/03/are-those-command-line-arguments-safe/">Are those command-line arguments safe?</a> </li> <li> <a href="https://www.masteringperl.org/2020/01/yaml-modules-get-some-security-fixes/">YAML modules get some security fixes</a> </li> <li> <a href="https://www.masteringperl.org/2020/01/the-inadequacy-of-removing-from-inc/">The inadequacy of removing . from @INC</a> </li> <li> <a href="https://www.masteringperl.org/2019/01/free-in-safari-online/">Read Mastering Perl for free in Safari Online</a> </li> <li> <a href="https://www.masteringperl.org/2018/08/benchmarking-the-non-iterative-closed-form-solution-for-fibonacci-numbers/">Benchmarking the non-iterative, closed-form solution for Fibonacci numbers</a> </li> </ul> </nav></section><section id="categories-4" class="widget widget_categories"><h2 class="widget-title">Topics</h2><form action="https://www.masteringperl.org" method="get"><label class="screen-reader-text" for="cat">Topics</label><select name='cat' id='cat' class='postform' > <option value='-1'>Select Category</option> <option class="level-0" value="41">Advanced Topics  (1)</option> <option class="level-0" value="11">Changes  (20)</option> <option class="level-0" value="4">Chapters  (45)</option> <option class="level-1" value="12">   Advanced Regular Expressions  (3)</option> <option class="level-1" value="7">   Benchmarking  (10)</option> <option class="level-1" value="14">   Cleaning Up Perl  (1)</option> <option class="level-1" value="23">   Configuration  (2)</option> <option class="level-1" value="25">   Dynamic Subroutines  (3)</option> <option class="level-1" value="16">   Error Handling  (4)</option> <option class="level-1" value="24">   Jury Rigging and Modifying Modules  (1)</option> <option class="level-1" value="15">   Logging  (1)</option> <option class="level-1" value="30">   Modulinos  (4)</option> <option class="level-1" value="33">   Perl Debuggers  (1)</option> <option class="level-1" value="5">   Persistence  (4)</option> <option class="level-1" value="32">   Profiling  (2)</option> <option class="level-1" value="6">   Secure Programming Techniques  (9)</option> <option class="level-1" value="28">   Symbol Tables  (2)</option> <option class="level-1" value="31">   Tied Variables  (1)</option> <option class="level-1" value="10">   Working with Bits  (2)</option> <option class="level-0" value="29">Commerce  (3)</option> <option class="level-0" value="9">Downloads  (2)</option> <option class="level-0" value="40">Ebooks  (1)</option> <option class="level-0" value="43">Philosophy  (1)</option> <option class="level-0" value="34">Presentation  (1)</option> <option class="level-0" value="8">Second Edition  (20)</option> <option class="level-0" value="3">the writing process  (5)</option> <option class="level-0" value="1">Uncategorized  (2)</option> <option class="level-0" value="13">Working with Pod  (1)</option> </select> </form> <script> /* <![CDATA[ */ (function() { var dropdown = document.getElementById( "cat" ); function onCatChange() { if ( dropdown.options[ dropdown.selectedIndex ].value > 0 ) { dropdown.parentNode.submit(); } } dropdown.onchange = onCatChange; })(); /* ]]> */ </script> </section><section id="archives-4" class="widget widget_archive"><h2 class="widget-title">Archives</h2> <label class="screen-reader-text" for="archives-dropdown-4">Archives</label> <select id="archives-dropdown-4" name="archive-dropdown"> <option value="">Select Month</option> <option value='https://www.masteringperl.org/2020/03/'> March 2020  (1)</option> <option value='https://www.masteringperl.org/2020/01/'> January 2020  (2)</option> <option value='https://www.masteringperl.org/2019/01/'> January 2019  (1)</option> <option value='https://www.masteringperl.org/2018/08/'> August 2018  (1)</option> <option value='https://www.masteringperl.org/2017/01/'> January 2017  (1)</option> <option value='https://www.masteringperl.org/2015/12/'> December 2015  (1)</option> <option value='https://www.masteringperl.org/2015/10/'> October 2015  (2)</option> <option value='https://www.masteringperl.org/2015/05/'> May 2015  (2)</option> <option value='https://www.masteringperl.org/2015/01/'> January 2015  (2)</option> <option value='https://www.masteringperl.org/2014/12/'> December 2014  (1)</option> <option value='https://www.masteringperl.org/2014/10/'> October 2014  (3)</option> <option value='https://www.masteringperl.org/2014/08/'> August 2014  (1)</option> <option value='https://www.masteringperl.org/2014/07/'> July 2014  (1)</option> <option value='https://www.masteringperl.org/2014/02/'> February 2014  (4)</option> <option value='https://www.masteringperl.org/2014/01/'> January 2014  (2)</option> <option value='https://www.masteringperl.org/2013/10/'> October 2013  (5)</option> <option value='https://www.masteringperl.org/2013/09/'> September 2013  (1)</option> <option value='https://www.masteringperl.org/2013/08/'> August 2013  (10)</option> <option value='https://www.masteringperl.org/2013/07/'> July 2013  (6)</option> <option value='https://www.masteringperl.org/2013/06/'> June 2013  (5)</option> <option value='https://www.masteringperl.org/2013/05/'> May 2013  (2)</option> <option value='https://www.masteringperl.org/2013/02/'> February 2013  (4)</option> <option value='https://www.masteringperl.org/2012/12/'> December 2012  (1)</option> <option value='https://www.masteringperl.org/2012/08/'> August 2012  (1)</option> </select> <script> /* <![CDATA[ */ (function() { var dropdown = document.getElementById( "archives-dropdown-4" ); function onSelectChange() { if ( dropdown.options[ dropdown.selectedIndex ].value !== '' ) { document.location.href = this.options[ this.selectedIndex ].value; } } dropdown.onchange = onSelectChange; })(); /* ]]> */ </script> </section><section id="text-6" class="widget widget_text"><h2 class="widget-title">External links</h2> <div class="textwidget"><ul> <li><a href="https://www.amazon.com/gp/product/1449303587/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1449303587&linkCode=as2&tag=hashbang09-20&linkId=FMG2FNMK3VMVYTY5">Amazon.com</a> <li><a class="external" href="http://shop.oreilly.com/product/0636920018452.do">O'Reilly catalog page</a></li> <li><a class="external" href="http://my.safaribooksonline.com/book/-/9781449311063">Safari Books Online</a></li> <li><a class="external" href="http://my.safaribooksonline.com/book/programming/perl/9781449328047">Learning Perl Student Workbook (Safari Books Online)</a></li> <li><a class="external" href="http://shop.oreilly.com/product/0636920018469.do">Learning Perl Student Workbook (O'Reilly catalog page)</a></li> <li><a class="external" href="http://oreilly.com/catalog/errata.csp?isbn=0636920018452">Errata</a> <li><a class="external" href="http://perldoc.perl.org">Official Perl documentation</a> <li><a class="external" href="http://faq.perl.org">Official Perl FAQ</a> <li><a class="external" href="http://www.theperlreview.com">The Perl Review</a> <li><a class="external" href="http://learn.perl.org">Learn Perl</a>, from <a href="http://www.perlfoundation.org">The Perl Foundation</a></li> <li><a class="external" href="http://www.programmingperl.org">Programming Perl</a></li> <li><a class="external" href="http://www.effectiveperlprogramming.com">The Effective Perler</a> </ul></div> </section> </aside> </div> <footer id="colophon" class="site-footer"> <nav class="main-navigation" aria-label="Footer Primary Menu"> <div class="menu-menu-container"><ul id="menu-menu-1" class="primary-menu"><li class="menu-item menu-item-type-post_type menu-item-object-page menu-item-397"><a href="https://www.masteringperl.org/reviews/">Reviews</a></li> <li class="menu-item menu-item-type-post_type menu-item-object-page menu-item-398"><a href="https://www.masteringperl.org/new-in-2e/">New in 2e</a></li> <li class="menu-item menu-item-type-post_type menu-item-object-page menu-item-399"><a href="https://www.masteringperl.org/downloads_page/">Downloads</a></li> </ul></div> </nav> <div class="site-info"> <span class="site-title"><a href="https://www.masteringperl.org/" rel="home">Mastering Perl</a></span> <a href="https://wordpress.org/" class="imprint"> Proudly powered by WordPress </a> </div> </footer> </div> </div> <script src='https://www.masteringperl.org/wp-content/themes/twentysixteen/js/skip-link-focus-fix.js?ver=20170530' id='twentysixteen-skip-link-focus-fix-js'></script> <script id='twentysixteen-script-js-extra'> var screenReaderText = {"expand":"expand child menu","collapse":"collapse child menu"}; </script> <script src='https://www.masteringperl.org/wp-content/themes/twentysixteen/js/functions.js?ver=20181217' id='twentysixteen-script-js'></script> <script src='https://www.masteringperl.org/wp-includes/js/wp-embed.min.js?ver=5.8.3' id='wp-embed-js'></script> </body> </html>