Re: [groff] [PATCH] Avoid Perl's unsafe "<>" operator
From: Colin Watson
Subject: Re: [groff] [PATCH] Avoid Perl's unsafe "<>" operator
Date: Sun, 3 Mar 2019 17:17:22 +0000
User-agent: NeoMutt/20170113 (1.7.2)

On Sun, Mar 03, 2019 at 01:21:49PM +0000, Ralph Corderoy wrote:
> Hi Colin,
>
> > Perl's "open" documentation even notes for the "< $file\0" trick that
> > "this may not work on some bizarre filesystems", which suggests to me
> > that such a robust proof isn't possible.
>
> No, that's a misquote.
>
>     $file =~ s#^(\s)#./$1#;
>     open(my $fh, "< $file\0")
>         || die "Can't open $file: $!";
>
>     (this may not work on some bizarre filesystems).
>
> The `bizarre' bit is referring to non-POSIX filesystems that don't like
> `./' as a prefix for the current directory.

Thanks for the correction (I would say it was a misreading rather than a
misquote, since it genuinely wasn't clear to me).

It's true that the ./ part doesn't need to be considered in our case.

> > we're trying to come up with ways to add extra characters to its input
> > that suppress that magic.
>
> We're using the method described in documentation written by Tom
> Christiansen and his pedigree says to me that's sufficient. I agree in
> general one looks for a certain way to be safe, but this seems the
> accepted Perl idiom.

Tom indeed has a fine pedigree, but even very competent people can be
wrong, which is why I look for convincing proofs instead. To be honest,
even with a proof I think I would still prefer my manual construction,
since it requires less effort to convince oneself that it's safe.

>
> https://groups.google.com/forum/message/raw?msg=comp.lang.perl.misc/0tqkwns3aaw/auWXakdD1S0J
>
> If magic `open' is a bit too magical for you, you don't have to turn
> to `sysopen'.

It's worth noting that Tom posted this in 1999, which was before the
three-argument form of open was introduced in Perl 5.6 (March 2000).
Nowadays it would be strange (perhaps even a strawman) to make this
argument, because if "magic" two-argument open is too magical for you,
then the obvious next thing to use is the non-magical three-argument
open, not sysopen.

So, even if that document from 1999 remains authoritative on how to
perform safe escaping, I don't think it's any longer authoritative on
style. The modern perlopentut(1) still carries Tom's copyright notice
(now from 2013) and doesn't mention the two-argument form of open at
all; that's been relegated to more detailed reference documentation.
--
Colin Watson address@hidden
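
The contrast discussed in the message above, as an added example that is not from the thread or from the groff patch: unescaped two-argument open beside three-argument open, run over constructed filenames in a temporary directory. The filenames and variable names are assumptions made for the illustration, and the "< $file\0" escaping idiom quoted in the thread is not exercised here.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Work in a throwaway directory so nothing outside it is touched.
my $dir = tempdir(CLEANUP => 1);
chdir $dir or die "chdir $dir: $!";

# Constructed sample names; every one is a legal POSIX filename.
my @names = ('plain.txt', 'trailing.txt ', ' leading.txt', '>clobber.txt');

# Create the files with three-argument open, which takes the name literally.
for my $name (@names) {
    open(my $out, '>', $name) or die "create '$name': $!";
    print {$out} "data\n";
    close $out or die "close '$name': $!";
}

for my $name (@names) {
    # Three-argument form: the mode is its own argument, so no character
    # in $name can change how the file is opened.
    my $three = open(my $fh3, '<', $name) ? 'read' : "failed: $!";
    close $fh3 if $three eq 'read';

    # Two-argument form: Perl strips surrounding whitespace and parses
    # leading mode characters out of the same string as the filename.
    my $two = open(my $fh2, $name) ? 'opened' : "failed: $!";
    close $fh2 if $two eq 'opened';

    printf "%-16s three-arg: %-6s two-arg: %s\n", "'$name'", $three, $two;
}

# The two-argument open of '>clobber.txt' was parsed as "write to
# clobber.txt", so a file that was never asked for now exists.
print "unexpected file created: clobber.txt\n" if -e 'clobber.txt';

# Leave the directory so the CLEANUP handler can remove it.
chdir '..' or die "chdir ..: $!";
```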