On Tue, Jul 29, 2008 at 10:08:50AM +0000, Ed Avis wrote:
> Abigail <abigail <at> abigail.be> writes:
>
> >>>I've always been a bit uncomfortable with the current magical behaviour,
> >>>and that's why I tend to favor a non-compatible change.
>
> > - Programs that were written pre-5.12 that rely on while (<>) to be
> > 2-arg open will silently fail to work correctly when run with a
> > post 5.12 perl.
>
> Correct. I think they are a small number of programs relative to the
> large number that 'rely' on while (<>) to just read some files - but
> this is just an educated guess, not something I can prove.
>
> However, the bug introduced will be a fairly benign one: 'file not
> found' when trying to use a magic filename. Whereas the bug of
> running an external command or overwriting a file given certain
> filenames is a much more serious bug IMHO.

Indeed, it will not be completely silent, it will issue a runtime warning.
The program will still run, and even continue to run after the warning
has been issued.

> > - Programs that wouldn't use while (<>) pre-5.12 (because they might
> > run in an environment where file names may start with '|' or '>')
> > will use 3-arg "safe" while (<>), will be, silently, a security
> > issue when run with a pre-5.12.
>
> Yes, I can see this is something to worry about. A conscientious
> programmer could make a program that reads some files, but when
> someone else runs it on an earlier perl version it becomes a risk.
>
> However, if you think this is bad (and not just 'theoretical') then
> this implies believing that the status quo is also bad, since code
> with while (<>) is silently a security issue right now - unless every
> perl programmer currently using while (<>) has thought about the
> implications and carefully decided to turn on the magic behaviour,
> which seems unlikely.

Not quite.

If security is an issue, I think the safest way is to tell people *NOW*.
Patch the documentation if you think it's not clear enough. Write articles
on Perlmonks. Send errata to book publishers. Speak at a conference.
Surely that would beat waiting for everyone to upgrade to 5.12.

> The essential issue is to separate the operator for reading files from
> the operator for doing magic. I propose that 5.12 have two
> filehandles:
>
> SAFE_ARGV reads the files given
> MAGIC_ARGV might read the files, or do other fun things
>
> Then there are three syntactic sugar pills:
>
> <>
> <ARGV>
> <<>>
>
> The choice to be made is either (A) maximum compatibility:
>
> <> means <MAGIC_ARGV>
> <ARGV> means <MAGIC_ARGV>
> <<>> means <SAFE_ARGV>
>
> or (B) safety by default:
>
> <> means <SAFE_ARGV>
> <ARGV> means <SAFE_ARGV>
> <<>> means <MAGIC_ARGV>
>
> >If you make "while (<<>>)" to be 3-arg open, then at least such programs
> >will fail to compile when run with a pre-5.12 perl.
>
> Yes. Code using <SAFE_ARGV> explicitly would also fail to compile
> with pre-5.12.

No, it doesn't. Not even with strict. With warnings on, it's likely to
issue a warning (unless SAFE_ARGV happens to be defined), but it's not
a compile time error:

    $ perl -Mstrict -wE 'while (<SAFE_ARG>) {say} END {say "End"}'
    Name "main::SAFE_ARG" used only once: possible typo at -e line 1.
    readline() on unopened filehandle SAFE_ARG at -e line 1.
    End
    $

You'd be better off to make it a feature; using the feature will prevent
the code from running on older perls.

Abigail
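
Added example, not part of the message above or of the perl source: a replacement for `while (<>)` that behaves the same on any perl version because it opens each name with 3-arg open, so a name such as `>plain.txt` produces 'file not found' instead of being interpreted as a mode. The helper names `is_magic_name` and `read_files_safely` and the demo file names are assumptions made for this illustration.

```perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# True if 2-arg open (and so the magic <>) would treat $name as something
# other than a plain file to read: "-", a mode prefix, or a pipe.
sub is_magic_name {
    my ($name) = @_;
    return 1 if $name =~ /\A\s*-\s*\z/;          # "-" means STDIN
    return 1 if $name =~ /\A\s*(?:\+?[<>]|\|)/;  # leading <, >, +<, +>, |
    return 1 if $name =~ /\|\s*\z/;              # trailing | (pipe from command)
    return 1 if $name =~ /\A\s|\s\z/;            # 2-arg open strips whitespace
    return 0;
}

# Read every named file with 3-arg open, so names are always literal.
# Calls $cb->($line, $name) per line; returns the number of files that failed.
sub read_files_safely {
    my ($cb, @names) = @_;
    my $failed = 0;
    for my $name (@names) {
        warn "note: '$name' is magic to 2-arg open; opening it literally\n"
            if is_magic_name($name);
        my $fh;
        unless (open($fh, '<', $name)) {
            warn "Can't open '$name': $!\n";
            $failed++;
            next;
        }
        while (defined(my $line = <$fh>)) { $cb->($line, $name) }
        close $fh;
    }
    return $failed;
}

# Constructed demo input: one real file plus a name starting with '>'.
my $dir = tempdir(CLEANUP => 1);
chdir $dir or die "chdir: $!";
open(my $out, '>', 'plain.txt') or die "create: $!";
print {$out} "line one\nline two\n";
close $out;

my @seen;
my $failed = read_files_safely(sub { push @seen, $_[0] }, 'plain.txt', '>plain.txt');
printf "%d lines read, %d file(s) failed, plain.txt is %d bytes\n",
    scalar @seen, $failed, -s 'plain.txt';
chdir '/';    # leave the temp dir so it can be cleaned up at exit
```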