This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
https://perl5.git.perl.org / perl5.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Implement facility to plug in syntax triggered by keywords
[perl5.git] / pod / perlsec.pod
diff --git a/pod/perlsec.pod b/pod/perlsec.pod
index 05d9588..d11e3dc 100644 (file)
--- a/pod/perlsec.pod
+++ b/pod/perlsec.pod
@@ -12,6 +12,18 @@ with fewer hidden snags.  Additionally, because the language has more
 builtin functionality, it can rely less upon external (and possibly
 untrustworthy) programs to accomplish its purposes.
 
+=head1 SECURITY VULNERABILITY CONTACT INFORMATION
+
+If you believe you have found a security vulnerability in Perl, please email
+perl5-security-report@perl.org with details.  This points to a closed
+subscription, unarchived mailing list.  Please only use this address for
+security issues in the Perl core, not for modules independently distributed on
+CPAN.
+
+=head1 SECURITY MECHANISMS AND CONCERNS
+
+=head2 Taint mode
+
 Perl automatically enables a set of special security checks, called I<taint
 mode>, when it detects its program running with differing real and effective
 user or group IDs.  The setuid bit in Unix permissions is mode 04000, the
Unnamed repository; edit this file 'description' to name the repository.