perl.perl5.porters | Postings from July 2008

Re: Creative and *routine* use of so-called "magic" ARGV (was[perl #2783] Security of ARGV using 2-argument open)

Aristotle Pagaltzis
July 29, 2008 16:30
* Rafael Garcia-Suarez <> [2008-07-29 22:45]:
> 2008/7/29 Aristotle Pagaltzis <>:
>> * Abigail <> [2008-07-28 21:30]:
>>>  - Programs that wouldn't use while (<>) pre-5.12 (because
>>>    they might run in an environment where file names may
>>>    start with '|' or '>') will use 3-arg "safe" while (<>),
>>>    will be, silently, a security issue when run with a
>>>    pre-5.12.
>>> If you make "while (<<>>)" to be 3-arg open, then at least
>>> such programs will fail to compile when run with a pre-5.12
>>> perl.
>> Exactly. I want to highlight this again: in my opinion, having
>> code that is safe under 5.12 (or 5.10.1 or whenever) not
>> silently become unsafe under 5.10.0 or earlier is an
>> incontrovertible argument for introducing a new safe
>> diamond-like operator as incompatible syntax.
> If I parse you well, that's indeed a compelling argument.

I think you are. The argument in full length is: if someone
writes `while (<>)` under 5.12, and this uses 3-arg open in 5.12,
then takes that code and runs it under 5.8, it will silently
change behaviour. Whereas if `while (<>)` stays the same, and
someone instead writes `while (<<>>)` in 5.12, then takes that
code and runs it under 5.8, the program won’t run at all. As well
it shouldn’t.

And we know the legions of ancient perls that are still deployed,
and that few people arm all their scripts with `require 5.whatev`,
so this is quite a likely scenario.

For that reason, changing the semantics of `while (<>)` is a bad

>> We can discourage the unconsidered use of magic ARGV with a
>> warning. This would be the exact same strategy that C
>> compilers followed WRT `gets`, which it seems to me worked
>> well for C. It also seems to me that the people who are
>> certain enough that they want this feature are also people who
>> won't shy away from muting a warning.
> Recapitulating what was proposed by you, we are getting to:
> * not changing <>

Apart from the warning, obviously, per the paragraph you quoted
right above your recapitulation.

> * introducing new, safer <<>> (or «» if I may joke about the
>   utf8-cleanliness of the tokeniser)
> * a feature or a pragma then becomes not useful
> * a way to extend ARGV's magic would be nice, but needs not to
>   be in the core


I want to note that I’m not enamoured with the choice of `<<>>`
as the operator’s glyph, but I have no better proposal and I’m
not overly invested in that bikeshed. If anyone feels they have
a better idea, pipe up (most specifically, I wish Larry would);
either way though, so long as it breaks loudly in existing perls,
it’s good enough.

Anyway, I *think* this approach satisfies everyone’s concerns.

Aristotle Pagaltzis // <>
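
Added example, not part of the original message: code that must behave the same on old and new perls can avoid magic ARGV by looping over its arguments with 3-argument open. The helper name `each_line_literal` and the file names are hypothetical, and the sample file is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(getcwd);
use File::Temp qw(tempdir);

# each_line_literal is a hypothetical helper, not a core function.
# It walks a list of names the way the diamond operator walks @ARGV,
# but 3-argument open with an explicit '<' mode treats each name as
# a literal path: a leading '>' or '|' (or a trailing '|') is just a
# character in the file name.
sub each_line_literal {
    my ($callback, @names) = @_;
    my $failures = 0;

    unless (@names) {                       # no arguments: read STDIN
        while (my $line = <STDIN>) { $callback->($line, '-') }
        return 0;
    }
    for my $name (@names) {
        my $fh;
        unless (open($fh, '<', $name)) {
            warn "Can't open $name: $!\n";  # report, then try the next name
            $failures++;
            next;
        }
        while (my $line = <$fh>) { $callback->($line, $name) }
        close($fh);
    }
    return $failures;
}

# Constructed sample: a file literally named '>notes.txt' in a scratch
# directory. Handed to 2-argument open, that name means "open notes.txt
# for writing"; here it is read like any other file.
my $start = getcwd();
my $dir   = tempdir(CLEANUP => 1);
chdir($dir) or die "chdir $dir: $!";
open(my $out, '>', '>notes.txt') or die "create: $!";
print {$out} "line one\nline two\n";
close($out);

my @seen;
my $failed = each_line_literal(sub { push @seen, "$_[1]: $_[0]" },
                               '>notes.txt', 'missing.txt');
print @seen;
print "unopenable names: $failed\n";
chdir($start);                              # leave the scratch dir before cleanup
```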
