Front page | perl.perl5.porters |
Postings from August 2016
Michael Schroeder wrote:
> What I don't get is why you can't use %{"$base\::"} to check if
> it is used for an optional load or not. I.e. make the code something
> like:
>
> my $dotty = $INC[-1] eq '.' && %{"$base\::"};
> local @INC = @INC;
> pop @INC if $dotty;
>
> If %{"$base\::"} is empty, the code will croak if the requires
> fails, so it is a mandatory load and it's ok to look in '.'.
> Wouldn't that be more compatible to the old behavior and still
> be safe enough?
It would be safe enough (if I understand the issues correctly; I am no
security expert; all I did was to change the diagnostic output), but
it would result in inconsistent behaviour that is more likely to
bite people.
Checking scalar(%{"$base\::"}) is just a heuristic, which is wrong
some of the time. If you happen to have loaded Test::More before
Test.pm, then the heuristic will be wrong, and 'use base "Test"' will
not look in '.'. If you 'use base "Test"' first, then it does look in
'.'. Imagine trying to debug that.
> (I'm also not very happy about perl not croaking if there is
> something in %{"$base\::"} and the module exists in '.' and
> doesn't get loaded because of '.' being popped. That may cause
> some hard to find errors at a distance...)
You do not want your program croaking (or even warning, for that mat-
ter) if a malicious file happens to be in the current directory with
the right name. Making a program die by putting a file in the right
place can also be a venue for an attack, even if only a DoS attack.
But the current approach *does* make debugging hard (similar to the
case I described above). I do not know which is worse, nor do I think
I am competent to make a decision in this matter.
Thread Previous