
True, but Perl makes it amazingly easy to exploit.

Suppose that you know the source contains this line:

  open(file_handler, "$userinput");   # two-argument open: the string is parsed for mode and pipe characters
How much work and what assumptions do you need to exploit this? In Perl it's this easy:

  $userinput = "cat /etc/passwd |zenity --text-info |";   # trailing '|' makes open() run this as a command
  open(file_handler, "$userinput");



> Suppose that you know the source contains this line

Then you have a massive damn problem, and you could set up the same straw man about almost any language. If you're starting from the premise that you are piping arbitrary user input to a system call unimpeded, all bets are off.

Shall we try some other examples? Let's say you accept input from a user, and dump it unchecked into output shown to the user via Ruby. OH NOES! Ruby is insecure because it supports CSRF! Or, let's say you use Python and pass in input from a user unimpeded straight to the database without using the quoting mechanisms! OH NOES! Python is insecure because it enables SQL injections! etc etc etc

But wait! you say... Sensible programming languages have specific features to stop these kinds of attacks! And you're right. That's why Perl has taint mode, for when you're dumb enough to pass user input straight to open: http://perldoc.perl.org/perlsec.html#Taint-mode


I'm on no secret quest to stain Perl's reputation, you know... Just illustrating how easy it is to exploit unchecked user input in the open() function. It just happens that this particular exploit is way easier in Perl than in any other language I know.

Of course we should not extrapolate from this to make a judgment on the language. Of course it's nice that security mechanisms are available to alleviate this issue.


Do you usually try $UserInput $Userinput $userInput $user_input etc. when you do that?

It couldn't run your code if it had an uninitialized variable in it, right?


It's vulnerable because the user controls the content of $userinput; the variable name doesn't matter. Real code would look like this:

  #!/usr/bin/perl

  print "Enter filename: ";
  $filename = <STDIN>;                 # user-controlled, newline included (2-arg open strips it)
  open(file_handler, "$filename");     # two-argument open: a trailing '|' runs $filename as a command
If you see this code, you know that you can execute any command by giving it at the filename prompt and appending a '|' character. For example, giving "cat /etc/passwd |zenity --text-info |" will pop up a dialog with the content of /etc/passwd.
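The two-argument open() shown in this comment and in the first one, beside the three-argument form that is not vulnerable to it. This is an added example, not code posted in the thread; the "filename" string is constructed for the demo and the function names are my own.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. Demonstrates why the two-argument
# open() in the posts above is a command-injection sink and how the
# three-argument form avoids it. The input string is constructed for the demo.
use strict;
use warnings;

# Constructed "filename": the trailing '|' turns it into a pipe spec.
my $input = "echo injected |";

# Vulnerable: two-argument open parses the string for a mode and for pipe
# characters (it also strips surrounding whitespace and honours leading
# '<', '>', '>>', '+<' and a bare '-'), so "cmd |" forks a shell and the
# handle reads cmd's stdout instead of a file.
sub read_2arg {
    my ($name) = @_;
    open(my $fh, $name) or return "open failed: $!";
    my $data = do { local $/; <$fh> };
    close $fh;
    return $data;
}

# Hardened: three-argument open with an explicit '<' mode treats the
# string purely as a path. "echo injected |" is not a file, so open()
# fails with ENOENT instead of running anything.
sub read_3arg {
    my ($name) = @_;
    open(my $fh, '<', $name) or return "open failed: $!";
    my $data = do { local $/; <$fh> };
    close $fh;
    return $data;
}

print "two-arg open:   ", read_2arg($input);
print "three-arg open: ", read_3arg($input), "\n";
```

Run it and the first line shows the output of the injected command while the second reports "No such file or directory". Taint mode covers the same case from the other side: if the script is run with perl -T and $input comes from STDIN or @ARGV, the piped two-argument open dies with "Insecure dependency in piped open", whereas a read-only open of a tainted path is still permitted. The three-argument form is the fix that does not depend on remembering to turn that on.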


Oh I see, I thought you were talking about something that would be caught by the interpreter if you put

    use strict;
and

    use warnings;
in there. Thank you for taking the time to put in an example, I understand you better now.



