develooper Front page | perl.perl5.porters | Postings from July 2014

Re: New feature proposal : <<>> to disable magic open of ARGV

Thread Previous | Thread Next
From:
Peter Martini
Date:
July 27, 2014 13:51
Subject:
Re: New feature proposal : <<>> to disable magic open of ARGV
Message ID:
CAFyW6MTJYhYqZXT+ubV=ny7soynLXpa4mQz1kqmNMiWoij8E2Q@mail.gmail.com
On 7/25/14, Abigail <abigail@abigail.be> wrote:
>
> Considering that with one liners, you're typically in full control of
> what you type, including the command line arguments, I'm not sure
> whether just changing -n and -p, robbing the user of options, is the
> right way.
>
>
> When was the last time you couldn't write a -n/-p one liner, because
> one of the arguments you wanted to give would trigger magic open, and
> you didn't want that to happen?

It's actually more dangerous and has sharper edges than may be
initially considered.  Putting on my security hat:

shell $ touch 'report6; ls -l * |'
shell $ perl -pe '' report*

Even with one liners, the user isn't necessarily aware of the
arguments that will be processed.

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About