
Arbitrary code execution within Perl - alfiedotwtf
https://twitter.com/alfiedotwtf/status/919190903222185985
======
alfiedotwtf
If a Perl script has setuid root, if it loads any libraries, Perl will try and
read @PERL5LIB. The @[[]] within string interpolation executes code to expand
the string value, but backticks work here too.

I think this is going to be a problem...

~~~
alfiedotwtf
Looks like setuid doesn't work because it needs to be set on the Perl binary
itself and not the script

~~~
alfiedotwtf
My mistake... this was getting shell expanded, so didn't even hit Perl.
Nothing to see here!

