
Re: [perl #2783] Security of ARGV using 2-argument open - It's a feature

From: Ed Avis
Date: July 17, 2008 05:46
Subject: Re: [perl #2783] Security of ARGV using 2-argument open - It's a feature
Message ID: loom.20080717T123355-882@post.gmane.org

Joshua ben Jore <twists <at> gmail.com> writes:

>>How about making the implicit open done by <> use either main::open (if
>>defined) or CORE::GLOBAL::open (if defined), so that it's possible to
>>write a SafeOpen.pm that overrides one of these to map
>
>Ok, but name it UnsafeOpen.pm because the default should work
>properly. That is, 5.12 should out of the box not do anything weird
>when given a file with any of the <, >, or | characters anywhere in
>it. It should just read it.

FWIW, I completely agree with this.  In my opinion it is much, much too
dangerous to have a common construct - one which is taught to beginners in every
Perl tutorial and looks innocuous - be tripped up so easily as by a file called
'|x' or anything else containing magic characters.

Yes, taint mode does prevent this, but unless taint mode is on by default for
5.12 it doesn't address the problem.  The simple, default code should be 100%
safe.

Perl's motto is that easy things should be easy: surely reading some files
specified on the command line, without barfing or worse on special characters,
is one of those easy things.  Hard things should be possible, and magical open()
is certainly a useful feature in some situations, but magic can be dangerous.
By all means have it if you ask for it but the default, simplest code must be
safe for all situations.

Please could I ask the perl5 core team to have another look at this bug report.

-- 
Ed Avis <eda@waniasset.com>
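
Added example, not part of the message above and not code from the Perl core: a reader that opens each command-line name with 3-argument open, so a file called '|x' is read as a file and nothing in the name is treated as magic. The helper name `read_literal` and the scratch file names are hypothetical, and a POSIX file system is assumed.

```perl
#!/usr/bin/perl
# Added example, not code from the thread.
use strict;
use warnings;
use Cwd qw(getcwd);
use File::Temp qw(tempdir);

# Hypothetical helper: read each named file literally and pass every line to
# $callback as ($name, $line). Returns the number of names it could not open.
sub read_literal {
    my ($callback, @names) = @_;
    my $failed = 0;
    for my $name (@names) {
        # 3-argument open: the mode is the fixed string '<', so '|', '<', '>'
        # and surrounding whitespace in $name are only ever part of a file name.
        my $fh;
        unless (open $fh, '<', $name) {
            warn "Can't open '$name': $!\n";
            $failed++;
            next;
        }
        while (my $line = <$fh>) {
            $callback->($name, $line);
        }
        close $fh;
    }
    return $failed;
}

# Normal use: behave like "print while <>", but with literal file names.
if (@ARGV) {
    exit(read_literal(sub { print $_[1] }, @ARGV) ? 1 : 0);
}

# No arguments: demo with constructed names, created in a scratch directory
# and passed relative to it, the way a shell glob would pass them.
my $start = getcwd();
my $dir   = tempdir(CLEANUP => 1);
chdir $dir or die "chdir $dir: $!";
my @names = ('|x', '>out', ' padded ');
for my $name (@names) {
    open(my $out, '>', $name) or die "create '$name': $!";
    print {$out} "data from [$name]\n";
    close $out;
}
my @seen;
my $failed = read_literal(sub { push @seen, $_[1] }, @names, 'missing');
print @seen, "names that could not be opened: $failed\n";
chdir $start or die "chdir $start: $!";
```

Perl 5.22 and later also provide the `<<>>` operator, which reads the files in @ARGV with 3-argument open and so treats every name literally.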
