develooper Front page | perl.perl5.porters | Postings from July 2008

Re: Creative and *routine* use of so-called "magic" ARGV (was [perl#2783] Security of ARGV using 2-argument open)

Mark Mielke
July 29, 2008 08:07
Abigail wrote:
> On Tue, Jul 29, 2008 at 09:20:28AM -0500, David Nicol wrote:
>> On Tue, Jul 29, 2008 at 8:22 AM, Mark Mielke <> wrote:
>>> Specifically, \Q...\E will prefix certain characters with '\', and this will
>>> make it impossible to represent file names with the same special characters
>>> (the theoretical filenames with '|', '<' or '>') but that are not escaped in
>>> the file name.
>> phooey.
>> Prefixing < takes care of opening and reading files with pipes and so
>> on in them, but leading/trailing space seems impossible to represent
>> with a 2-arg open.
> It has been documented for a long, long time how to solve this:
>     my $file = " hello ";
>     open my $fh, "< ./$file\0";
> Granted, "\0" is a bit of an oddity, but it is possible. And you don't
> need sysopen.
> I think the current documentation is in perlopentut.

I have several base modules which do the "< $path\0" trick and have for 
years. I believe I did pick this habit up from Tom C, perhaps even 12 or 
so years ago when he presented a course to us. :-)

But yes, in opentut or not, when I train new people and they see this 
little bit of code, they scratch their head in confusion and I have to 
explain it to them. I'm not sure why - as it seems it should be quite 
clear to anybody with a basic understanding of Perl and knowledge of how 
system calls work, but they don't pick it up as quickly as they should.

I do *not* handle leading whitespace in my base modules. It's never been 
a problem that I have been aware of. Now that it has been pointed out, 
I'm tempted to change my base module to handle it. :-)


Mark Mielke <>
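
The "< ./$file\0" idiom quoted above, set beside a bare 2-argument open and a 3-argument open, as an added example that is not part of the original message. The sample file names and the helpers `two_arg_spec` and `try_open` are constructed for illustration.

```perl
use strict;
use warnings;
use Cwd qw(getcwd);
use File::Temp qw(tempdir);

# Constructed sample names: surrounding whitespace, and a leading mode character.
my @names = (" hello ", "<odd");

my $orig = getcwd();
my $dir  = tempdir(CLEANUP => 1);
chdir $dir or die "chdir $dir: $!";

# Create each file with 3-arg open, which uses the name exactly as given.
for my $name (@names) {
    open my $out, '>', $name or die "create '$name': $!";
    print {$out} "content of [$name]\n";
    close $out or die "close '$name': $!";
}

# Hypothetical helper: build a 2-arg open spec the way the thread describes.
# The explicit "< " fixes the mode, "./" keeps leading whitespace or mode
# characters in the name from being parsed, "\0" protects trailing whitespace.
sub two_arg_spec {
    my ($path) = @_;
    $path = "./$path" unless $path =~ m{^/};
    return "< $path\0";
}

# Attempt one open (2-arg when given one spec, 3-arg otherwise) and report it.
sub try_open {
    my ($label, @args) = @_;
    no warnings;    # failed attempts are expected and reported below
    my $fh;
    my $ok = @args == 1 ? open($fh, $args[0]) : open($fh, $args[0], $args[1]);
    my $result = $ok ? scalar(<$fh>) : "failed: $!\n";
    close $fh if $ok;
    printf "  %-22s %s", $label, $result;
}

for my $name (@names) {
    print "name [$name]\n";
    try_open('2-arg, bare name',    $name);                 # name parsed as a spec
    try_open('2-arg, thread idiom', two_arg_spec($name));   # "< ./name\0"
    try_open('3-arg, literal',      '<', $name);            # name never parsed
}
chdir $orig or die "chdir $orig: $!";   # leave the temp dir so cleanup can remove it
```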
