Diffstat (limited to 'ext/NDBM_File')
-rw-r--r-- | ext/NDBM_File/NDBM_File.pm | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/ext/NDBM_File/NDBM_File.pm b/ext/NDBM_File/NDBM_File.pm index fc250ec840..97c3917c92 100644 --- a/ext/NDBM_File/NDBM_File.pm +++ b/ext/NDBM_File/NDBM_File.pm @@ -104,6 +104,23 @@ This warning is emitted when you try to store a key or a value that is too long. It means that the change was not recorded in the database. See BUGS AND WARNINGS below. +=head1 SECURITY AND PORTABILITY + +B<Do not accept NDBM files from untrusted sources.> + +On modern Linux systems these are typically GDBM files, which are not +portable across platforms. + +The GDBM documentation doesn't imply that files from untrusted sources +can be safely used with C<libgdbm>. + +Systems that don't use GDBM compatibilty for ndbm support will be +using a platform specific library, possibly inherited from BSD +systems, where it may or may not be safe to use an untrusted file. + +A maliciously crafted file might cause perl to crash or even expose a +security vulnerability. + =head1 BUGS AND WARNINGS There are a number of limits on the size of the data that you can |
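Review bot: "compatibilty" in the added paragraph that begins "Systems that don't use GDBM" is misspelled and should read "compatibility". In the same new section, "The GDBM documentation doesn't imply that files from untrusted sources can be safely used" makes its point through a negative about another project's documentation; a direct statement that no safety guarantee is made for untrusted files would be easier to act on. The closing sentence "might cause perl to crash or even expose a security vulnerability" would also read more clearly if it said what a reader should do, which the bold line at the top already states, so consider repeating or referring to it there. The change is 17 insertions and 0 deletions, so $VERSION in NDBM_File.pm is untouched by this patch; check whether it needs a bump if it has not already had one since the last release.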