/ 
PAR-0.960
/ PAR::StrippedPARL::Static
Security Advisories (2)
CVE-2011-4114 (2011-07-18)

PAR packed files are extracted to unsafe and predictable temporary directories (this bug was originally reported against PAR::Packer, but it applies to PAR as well).

CVE-2011-5060 (2012-01-13)

The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different vulnerability in a different package than CVE-2011-4114.

NAME

PAR::StrippedPARL::Static - Data package containing a static PARL

SYNOPSIS

# For details, see PAR::StrippedPARL::Base.
PAR::StrippedPARL::Static->write_parl($file) or die "Some error...";

DESCRIPTION

This class is internal to PAR. Do not use it outside of PAR.

This class is basically just a container for a static binary PAR loader which doesn't include the PAR code like the parl or parl.exe you are used to. If you're really curious, I'll tell you it is just a copy of the myldr/static (or myldr/static.exe) file.

The data is appended during the make phase of the PAR build process.

If the binary data isn't appended during the build process, the class methods will return the empty list.

CLASS METHODS

Inherits the methods from PAR::StrippedPARL::Base.

AUTHORS

Steffen Mueller <smueller@cpan.org>, Audrey Tang <cpan@audreyt.org>

COPYRIGHT AND LICENSE

Copyright 2006 by Steffen Mueller <smueller@cpan.org>.

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

See http://www.perl.com/perl/misc/Artistic.html