From 89f530a6b8371ad5f6cfa4a07a2a5d27e42a388e Mon Sep 17 00:00:00 2001 From: David Golden Date: Sat, 25 Jul 2009 18:56:58 -0400 Subject: [PATCH] Add security contact information to perlsec This patch inserts a short paragraph with security contact information near the top of the "Perl Security" documentation page. This would seem a likely place someone would look for such information (rather than INSTALL or perldelta where it lives today). I've put it at the top, not the bottom to make it easier to find. --- pod/perlsec.pod | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/pod/perlsec.pod b/pod/perlsec.pod index 05d9588..d11e3dc 100644 --- a/pod/perlsec.pod +++ b/pod/perlsec.pod @@ -12,6 +12,18 @@ with fewer hidden snags. Additionally, because the language has more builtin functionality, it can rely less upon external (and possibly untrustworthy) programs to accomplish its purposes. +=head1 SECURITY VULNERABILITY CONTACT INFORMATION + +If you believe you have found a security vulnerability in Perl, please email +perl5-security-report@perl.org with details. This points to a closed +subscription, unarchived mailing list. Please only use this address for +security issues in the Perl core, not for modules independently distributed on +CPAN. + +=head1 SECURITY MECHANISMS AND CONCERNS + +=head2 Taint mode + Perl automatically enables a set of special security checks, called I, when it detects its program running with differing real and effective user or group IDs. The setuid bit in Unix permissions is mode 04000, the -- 2.7.4
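Review bot: the two headings added at the end of the hunk, "=head1 SECURITY MECHANISMS AND CONCERNS" and "=head2 Taint mode", restructure the existing page, but the commit message only describes inserting a contact paragraph. The text that previously sat directly under the page introduction now becomes a subsection under a new top-level heading. Either mention this in the commit message or split it into a separate patch, so the restructuring can be reviewed on its own. In the contact paragraph, the sentence ending "not for modules independently distributed on CPAN" tells reporters where not to send module issues but gives no alternative. Consider adding a sentence that points them to the module's author or maintainer, so that reports about CPAN modules are not simply dropped. The commit message also notes that the same address already lives in INSTALL and perldelta. With a third copy added here, it would help to make one location canonical and have the others refer to it, so that the address cannot drift between files.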