[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [groff] [PATCH] Avoid Perl's unsafe "<>" operator

From: Colin Watson
Subject: Re: [groff] [PATCH] Avoid Perl's unsafe "<>" operator
Date: Sun, 3 Mar 2019 17:17:22 +0000
User-agent: NeoMutt/20170113 (1.7.2)

On Sun, Mar 03, 2019 at 01:21:49PM +0000, Ralph Corderoy wrote:
> Hi Colin,
> > Perl's "open" documentation even notes for the "< $file\0" trick that
> > "this may not work on some bizarre filesystems", which suggests to me
> > that such a robust proof isn't possible.
> No, that's a misquote.
>       $file =~ s#^(\s)#./$1#;
>       open(my $fh, "< $file\0")
>           || die "Can't open $file: $!";
>     (this may not work on some bizarre filesystems).
> The `bizarre' bit is referring to non-POSIX filesystems that don't like
> `./' as a prefix for the current directory.

Thanks for the correction (I would say it was a misreading rather than a
misquote, since it genuinely wasn't clear to me).

It's true that the ./ part doesn't need to be considered in our case.

> > we're trying to come up with ways to add extra characters to its input
> > that suppress that magic.
> We're using the method described in documentation written by Tom
> Christiansen and his pedigree says to me that's sufficient.  I agree in
> general one looks for a certain way to be safe, but this seems the
> accepted Perl idiom.

Tom indeed has a fine pedigree, but even very competent people can be
wrong, which is why I look for convincing proofs instead.  To be honest,
even with a proof I think I would still prefer my manual construction,
since it requires less effort to convince oneself that it's safe.

>     If magic `open' is a bit too magical for you, you don't have to turn
>     to `sysopen'.

It's worth noting that Tom posted this in 1999, which was before the
three-argument form of open was introduced in Perl 5.6 (March 2000).
Nowadays it would be strange (perhaps even a strawman) to make this
argument, because if "magic" two-argument open is too magical for you,
then the obvious next thing to use is the non-magical three-argument
open, not sysopen.

So, even if that document from 1999 remains authoritative on how to
perform safe escaping, I don't think it's any longer authoritative on
style.  The modern perlopentut(1) still carries Tom's copyright notice
(now from 2013) and doesn't mention the two-argument form of open at
all; that's been relegated to more detailed reference documentation.

Colin Watson                                       address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]