Hi Jan,

> The "real" problem is that while(<>) is using the 2-arg form of
> open(), so specially crafted filenames ending with a '|' can
> execute arbitrary commands when you run `perl myscript *`.  This
> is only an issue on Unix as the pipe symbol is not a valid filename
> character on Windows.

Wow, I wasn't even aware of that weakness in the idiom, though
admittedly I tend to use while (<>) only after emptying @ARGV.
But still, thanks for the hint!

It's not the only problem, though.

  open my $fh, $filename or ...

is a nightmare in general unless you are *really* sure $filename
does not contain any user-tweakable components.

> There is nothing you can do about it though, but not use while(<>)

Sure, opening the files manually and specifying the file handle
explicitly causes very little extra effort and will usually pay
off in terms of stability, clarity and ease of maintenance, even
without the exploit you described.

> if you cannot trust the filenames in your directory.  But then you
> are in a bad spot already if you cannot trust your local files...

Not necessarily.  When writing suid programs or when writing system
maintenance tools that are expected to be run using sudo(8) or su(1)
or by privileged users in general, it is the usual case that you
cannot trust the contents of the file systems, except those parts
owned by root and not writeable by anyone else, including all parent
directories.

On a related note, it's really old news that dot in PATH is almost
always a terrible idea for just the same reason.

Yours,
  Ingo

P.S.
One of the nice things about Perl is that it's actually not a bad
language security-wise with a bit of coding discipline.  :)

_______________________________________________
ActivePerl mailing list
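
The approach discussed in the message above (opening each file manually with an explicit handle), written out with three-argument open(). This is an added example, not code from the original post; the function name read_files_literally and the scratch file names are assumptions constructed for the demonstration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;

# Read every file in @names, treating each name as a literal path.
# Three-argument open() with an explicit '<' mode never interprets a
# leading or trailing '|', '<' or '>' in the name as a mode or a command.
sub read_files_literally {
    my (@names) = @_;
    my @lines;
    for my $name (@names) {
        my $fh;
        if (!open($fh, '<', $name)) {
            warn "skipping $name: $!\n";
            next;
        }
        while (my $line = <$fh>) {
            chomp $line;
            push @lines, "$name: $line";
        }
        close $fh;
    }
    return @lines;
}

# Constructed sample input: a scratch directory holding one ordinary file
# and one whose name ends in '|', the case discussed in the thread.
my $dir = tempdir(CLEANUP => 1);
for my $base ('plain.txt', 'odd-name|') {
    my $path = File::Spec->catfile($dir, $base);
    open(my $out, '>', $path) or die "cannot create $path: $!";
    print {$out} "contents of $base\n";
    close $out;
}

# Build the file list ourselves instead of relying on @ARGV and <>.
opendir(my $dh, $dir) or die "cannot read $dir: $!";
my @names = map  { File::Spec->catfile($dir, $_) }
            sort grep { !/^\.\.?$/ } readdir $dh;
closedir $dh;

# Both files are read as plain data; nothing is passed to a shell.
print "$_\n" for read_files_literally(@names);
```

On Perl 5.22 and later, the `<<>>` operator gives the same literal-filename behaviour for @ARGV as the loop above.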
