[PATCH] [doc] be more explicit about magic argv
Hi,
the attached patch adds a few words of warning to perlop and perlrun, telling
people that <> doesn't open files from @ARGV, but passes them to open()
instead.
Currently this is only documented very indirectly, which might cause
unpleasant surprises.
I don't know if a word of warning should go into perlsec as well, and if
yes, in which section.
Cheers,
Moritz
diff --git a/pod/perlop.pod b/pod/perlop.pod
index 7b0b0d2..2939523 100644
--- a/pod/perlop.pod
+++ b/pod/perlop.pod
@@ -2246,6 +2246,18 @@ internally--<> is just a synonym for <ARGV>, which
is magical. (The pseudo code above doesn't work because it treats
<ARGV> as non-magical.)
+Since the null filehandle uses the two argument form of L<perlfunc/open>
+it interprets special characters, so if you have a script like this:
+
+ while (<>) {
+ print;
+ }
+
+and call it with C<perl dangerous.pl 'rm -rfv *|'>, it actually opens a
+pipe, execute the C<rm> command and read C<rm>'s output from that pipe.
+If you all items in C<@ARGV> to be interepreted as file names, you can
+use the module C<ARGV::readonly> from CPAN.
+
You can modify @ARGV before the first <> as long as the array ends up
containing the list of filenames you really want. Line numbers (C<$.>)
continue as though the input were one big happy file. See the example
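Review bot: The added perlop paragraph has grammar slips that should be fixed before it lands. In "opens a pipe, execute the C<rm> command and read C<rm>'s output" the verbs should be "executes" and "reads", and "If you all items in C<@ARGV> to be interepreted" is missing "want" and misspells "interpreted". The first sentence also says only "special characters" while the example shows just a trailing C<|>; name the characters meant, and add half a sentence on what C<ARGV::readonly> does so the reader knows why it helps.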
diff --git a/pod/perlrun.pod b/pod/perlrun.pod
index 2a53ec7..880b1c6 100644
--- a/pod/perlrun.pod
+++ b/pod/perlrun.pod
@@ -655,6 +655,10 @@ Note that the lines are not printed by default. See B<-p> to have
lines printed. If a file named by an argument cannot be opened for
some reason, Perl warns you about it and moves on to the next file.
+Also note that C<< <> >> passes command line arguments to
+L<perlfunc/open>, which doesn't necessarily interpret them as file names.
+See L<perlop> for possible security implications.
+
Here is an efficient way to delete all files that haven't been modified for
at least a week:
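Review bot: "See L<perlop> for possible security implications" in the perlrun addition links to the whole perlop page; point it at the section that holds the new null-filehandle paragraph so readers land on the warning itself. "doesn't necessarily interpret them as file names" is also vague: say that an argument can be run as a command, matching the wording of the perlop hunk.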
Follow-Ups from:
Paul Johnson <paul@pjcj.net>
Moritz Lenz <moritz@casella.verplant.org>
Moritz Lenz <moritz@casella.verplant.org>
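A defensive alternative to the bare `while (<>)` loop discussed in the message, as an added example that is not part of the original post or of the Perl documentation: each argument is opened with three-argument `open()`, so it is always treated as a literal path. The function name `read_literal_files` and the demo file name are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Return all lines from the files named in @_, treating every name as a
# literal path. Three-argument open() does not interpret '|', '<' or '>'
# in the name, unlike the two-argument form that <> uses.
sub read_literal_files {
    my @names = @_;
    my @lines;
    for my $name (@names) {
        my $fh;
        if ($name eq '-') {
            $fh = \*STDIN;                 # keep the "-" means stdin convention
        }
        elsif (!open($fh, '<', $name)) {
            warn "Can't open $name: $!\n"; # warn and move on to the next file
            next;
        }
        push @lines, <$fh>;
        close($fh) unless $name eq '-';
    }
    return @lines;
}

if (@ARGV) {
    # Normal use: process the command line arguments as file names only.
    print for read_literal_files(@ARGV);
}
else {
    # Constructed demo: a real file whose name ends in '|'.
    my $dir = tempdir(CLEANUP => 1);
    my $odd = "$dir/echo not-a-command|";
    open(my $out, '>', $odd) or die "Can't create $odd: $!";
    print {$out} "file contents\n";
    close($out);

    # The odd name is read as a file; the missing one only produces a warning.
    my @got = read_literal_files($odd, "$dir/missing");
    print "read: $_" for @got;
}
```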