develooper Front page | perl.perl5.porters | Postings from July 2008

Re: Creative and *routine* use of so-called "magic" ARGV (was [perl#2783] Security of ARGV using 2-argument open)

Thread Previous | Thread Next
Andy Dougherty
July 30, 2008 07:36
Re: Creative and *routine* use of so-called "magic" ARGV (was [perl#2783] Security of ARGV using 2-argument open)
Message ID:
On Tue, 29 Jul 2008, Rafael Garcia-Suarez wrote:

> 2008/7/29 Aristotle Pagaltzis <>:
> > * Abigail <> [2008-07-28 21:30]:
> >>  - Programs that wouldn't use while (<>) pre-5.12 (because they
> >>    might run in an environment where file names may start with
> >>    '|' or '>') will use 3-arg "safe" while (<>), will be,
> >>    silently, a security issue when run with a pre-5.12.
> >>
> >> If you make "while (<<>>)" to be 3-arg open, then at least such
> >> programs will fail to compile when run with a pre-5.12 perl.
> >
> > Exactly. I want to highlight this again: in my opinion, having
> > code that is safe under 5.12 (or 5.10.1 or whenever) not silently
> > become unsafe under 5.10.0 or earlier is an incontrovertible
> > argument for introducing a new safe diamond-like operator as
> > incompatible syntax.
> If I parse you well, that's indeed a compelling argument. Finding a
> balance between security and compatibility isn't very easy.

Yes indeed.  Finding an appropriate balance is always a challenge, but 
maintaining it has always been one of Perl's strengths.  In the past 20 
years, the landscape in which perl programs run has changed considerably.  
It is not at all unreasonable to reconsider that balance.

If we were to change while (<>), then the "unsafe" conversions mentioned 
above would have to be balanced against the "safe" conversions of many 
previously unsafe programs when run under 5.12.  And, of course, any net 
"improvement" would have to be weighed against the cost of breaking 
existing programs.

My initial reaction was that the creative use of magic ARGV was probabaly 
insufficiently routine that, on balance, it made sense to consider 
changing while(<>).  I think Tom has persuaded me that it might well be 
more routine than I initially imagined, which indeed shifts the balance.

In any case, I do think Tom summed up my feelings well:

On Tue, 29 Jul 2008, Tom Christiansen wrote:

> I still have a vague hunch like a module, or here even a pragma, 
> might be a good idea.  It's vague, and undeveloped.  I'd like
> to give that time to grow.  [ . . . ]

> I'm afraid we may be heading down, if not break-their-programs, at
> least the annoying-warning route, and that now as then there might
> well be a cleaner and less noisily troubling solution.  That's why
> I don't think loudness of complaint should turn into quick action.
> Without a dampening period of contemplation and consideration, the
> feedback loop would whiplash the language too much, and thence its
> users as well.

    Andy Dougherty

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About