On 2019-01-23 17:23:10 +0100, Alex Mestiashvili wrote: > On 1/23/19 4:44 PM, Vincent Lefevre wrote: > > On 2019-01-23 15:32:00 +0000, Ian Jackson wrote: > >> This is completely mad and IMO the bug is in perl, not in all of the > >> millions of perl scripts that used <> thinking it was a sensible thing > >> to write. > > > > I agree that it would be better to drop this "feature" of Perl. > > It is probably never used, and probably useless (I would rather > > use the features from the shell if I need a pipe). > > Perl's open is well documented.
What wasn't clear was not about open, but the fact that <> uses the 2-arg open in a raw way. FYI, I learnt Perl in 1994 or early 1995, just after Perl 5.000 was released, and at that time, I'm not sure that <> was properly documented. More importantly, security was not really a consideration (not much except file permissions). The fact that the perlsec(1) man page doesn't mention the issue with the null filehandle doesn't help either. One also has (had) plenty of misleading documentation, starting with the perlrun(1) man page: -n causes Perl to assume the following loop around your program, which makes it iterate over filename arguments somewhat like sed -n or awk: LINE: while (<>) { ... # your program goes here } "like sed -n and awk". Really? Now, this man page also says: Also note that "<>" passes command line arguments to "open" in perlfunc, which doesn't necessarily interpret them as file names. See perlop for possible security implications. But in 2008, it was still not there. Thus programs written before 2008 or by developers who started to learn Perl before 2008 can easily be affected by this issue. BTW, I've just seen that I already reported a documentation bug in the past: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=592727 This was about the behavior, which is not specified, e.g. on the argument '>file'. > Quoting the perlipc: > > "it's much more efficient to process the file one line or record at a > time because then you don't have to read the whole thing into memory at > once." Well, with a pipe used from the shell (either with "|" or with process substitution) instead of a special Perl syntax, the behavior is the same. -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)