Abigail <abigail <at> abigail.be> writes:

>>>I've always been a bit uncomfortable with the current magical behaviour,
>>>and that's why I tend to favor a non-compatible change.

> - Programs that were written pre-5.12 that rely on while (<>) to be
>   2-arg open will silently fail to work correctly when run with a
>   post 5.12 perl.

Correct. I think they are a small number of programs relative to the large number that 'rely' on while (<>) to just read some files - but this is just an educated guess, not something I can prove.

However, the bug introduced will be a fairly benign one: 'file not found' when trying to use a magic filename. Whereas the bug of running an external command or overwriting a file given certain filenames is a much more serious bug IMHO.

> - Programs that wouldn't use while (<>) pre-5.12 (because they might
>   run in an environment where file names may start with '|' or '>')
>   will use 3-arg "safe" while (<>), will be, silently, a security
>   issue when run with a pre-5.12.

Yes, I can see this is something to worry about. A conscientious programmer could make a program that reads some files, but when someone else runs it on an earlier perl version it becomes a risk.

However, if you think this is bad (and not just 'theoretical') then this implies believing that the status quo is also bad, since code with while (<>) is silently a security issue right now - unless every perl programmer currently using while (<>) has thought about the implications and carefully decided to turn on the magic behaviour, which seems unlikely.

The essential issue is to separate the operator for reading files from the operator for doing magic.
I propose that 5.12 have two filehandles:

    SAFE_ARGV   reads the files given
    MAGIC_ARGV  might read the files, or do other fun things

Then there are three syntactic sugar pills:

    <>    <ARGV>    <<>>

The choice to be made is either

(A) maximum compatibility:

    <>      means <MAGIC_ARGV>
    <ARGV>  means <MAGIC_ARGV>
    <<>>    means <SAFE_ARGV>

or (B) safety by default:

    <>      means <SAFE_ARGV>
    <ARGV>  means <SAFE_ARGV>
    <<>>    means <MAGIC_ARGV>

>If you make "while (<<>>)" to be 3-arg open, then at least such programs
>will fail to compile when run with a pre-5.12 perl.

Yes. Code using <SAFE_ARGV> explicitly would also fail to compile with pre-5.12.

Suppose there are three kinds of programmer:

1. A programmer who wants to read some files, who knows about the <> controversy, and wishes to be sure his code is always safe (even at the expense of not running on older perls).

2. A programmer who knows about magic ARGV processing and wants to use it.

3. A programmer who is not aware of the pitfalls but just wanted to read files.

Here is the code written by each programmer in scenario (A) or (B):

        1                      2                      3
    A   <<>> or <SAFE_ARGV>    <> or <MAGIC_ARGV>     <>
    B   <SAFE_ARGV>            <<>> or <MAGIC_ARGV>   <>

Under both your proposal (A) and mine (B) the paranoid programmer would be able to write code that fails to run under old perls. And under both proposals the programmer who wants magic would be able to get it.

The only real difference is what happens to programmer 3. In scenario A his or her code remains unsafe under both old and new perls. In scenario B the code is unsafe when run under old perls but correct for 5.12.

I agree it is not ideal to have a caveat for <> saying 'this will do potentially dangerous things under older perl versions, so watch out'. But that is a big improvement on having it do dangerous things under the version you are running now.

-- 
Ed Avis <eda@waniasset.com>
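
Added example, not part of the message above and not code from perl itself: a loop that reads the files named in @ARGV with 3-arg open, so each argument is only ever treated as a path, which is the behaviour the message asks of its proposed SAFE_ARGV. The helper names `is_magic_name` and `read_files_safely` and the sample arguments are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: would 2-arg open (what magic <> uses) treat this
# argument as something other than "read the file with exactly this name"?
sub is_magic_name {
    my ($name) = @_;
    return 1 if $name eq '-';                  # means STDIN, not a file
    return 1 if $name =~ /^\s*(?:\+?[<>]|\|)/; # leading mode character or pipe
    return 1 if $name =~ /\|\s*$/;             # trailing pipe
    return 1 if $name =~ /^\s|\s$/;            # surrounding whitespace is stripped
    return 0;
}

# Read each named file literally and hand every line to $callback.
# Returns the number of names that could not be opened.
sub read_files_safely {
    my ($callback, @names) = @_;
    my $failed = 0;
    for my $name (@names) {
        warn "note: '$name' would be special under 2-arg open\n"
            if is_magic_name($name);
        my $fh;
        unless (open $fh, '<', $name) {        # 3-arg: $name is only a path
            warn "cannot open '$name': $!\n";  # the benign 'file not found' case
            $failed++;
            next;
        }
        while (my $line = <$fh>) {
            $callback->($name, $line);
        }
        close $fh;
    }
    return $failed;
}

# Constructed sample arguments; they are classified, never opened.
my @sample = ('notes.txt', '-', '>out.log', '|cmd', ' spaced.txt');
printf "%-14s %s\n", "'$_'",
    (is_magic_name($_) ? 'special under 2-arg open' : 'plain')
    for @sample;

# Process the real command line with the literal-path reader.
my $failed = read_files_safely(sub { print $_[1] }, @ARGV);
exit($failed ? 1 : 0);
```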