/ 
PAR-0.01
/ PAR::Filter
Security Advisories (2)
CVE-2011-4114 (2011-07-18)

PAR packed files are extracted to unsafe and predictable temporary directories (this bug was originally reported against PAR::Packer, but it applies to PAR as well).

CVE-2011-5060 (2012-01-13)

The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different vulnerability in a different package than CVE-2011-4114.

NAME

PAR::Filter - Run scripts inside a Perl Archive

VERSION

This document describes version 0.01 of PAR::Filter.

SYNOPSIS

This runs test.pl or script/test.pl from foo.par:

% perl -MPAR foo.par test.pl

Same thing, but without loading @INC hooks from PAR.pm, so lib/* modules inside foo.par cannot be used:

% perl -MPAR::Filter foo.par test.pl

DESCRIPTION

This module is used by PAR to run scripts stored inside a Perl Archive. See PAR for usage details.

SEE ALSO

PAR, Filter::Simple

AUTHORS

Autrijus Tang <autrijus@autrijus.org>

COPYRIGHT

Copyright 2001 by Autrijus Tang <autrijus@autrijus.org>.

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

See http://www.perl.com/perl/misc/Artistic.html