
Re^3: and untainting

by Just in (Sexton)
on Jul 29, 2009 at 08:11 UTC

in reply to Re^2: and untainting
in thread and untainting

I'm surprised that env_untaint was written that way. 0022 as a umask is 755 permission wise which gives the idea that r and x for group members and everyone else actually works for Windows in a Linux/UNIX way.

Reading stat under perlfunc years ago led me to believe that only a handful of the 13 elements actually worked under Windows. Looking at it now hints that there may be some cause for doubt - "Not all fields are supported on all filesystem types".

The concept of group and everyone for Windows does work under domains but not directories, which is why stat returns 0777 even on readonly.

Shortcoming of stat - I'd say so, but it's not actually since we're given warning. To get directories that you can't write to I'd use Win32::File so

and not ((stat($_))[2] & 0022)


and ( $attr & READONLY )

I was going to go through the bitwise & permissions that would yield 0 with 0022, but I actually came on PM to look for something else and now it's home time :p

Just in

P.S. your box is fine
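The `(stat($_))[2] & 0022` test discussed in this post, worked through as an added example (not code from the thread or from env_untaint): it lists which group/other permission digits pass the mask and filters a set of constructed scratch directories the way a PATH check would. The function names `mode_is_safe` and `filter_path_dirs` are hypothetical, and the demonstration is only meaningful on a POSIX filesystem, since the mode bits say nothing about Windows ACLs.

```perl
use strict;
use warnings;
use Fcntl qw(:mode);
use File::Spec;
use File::Temp qw(tempdir);

# True when neither group (020) nor others (002) hold the write bit.
sub mode_is_safe { my ($mode) = @_; return !( $mode & 0022 ) }

# Split candidate PATH entries into kept and dropped lists. An entry is kept
# only if it is absolute, is an existing directory, and passes mode_is_safe().
sub filter_path_dirs {
    my (@dirs) = @_;
    my ( @keep, @drop );
    for my $dir (@dirs) {
        my @st = stat $dir;    # empty list if the entry does not exist
        my $ok = File::Spec->file_name_is_absolute($dir)
              && @st
              && S_ISDIR( $st[2] )
              && mode_is_safe( $st[2] );
        if ($ok) { push @keep, $dir } else { push @drop, $dir }
    }
    return ( \@keep, \@drop );
}

# Octal digits allowed in the group/other position: those without the 2 bit.
print "digits passing the 0022 mask: @{[ grep { !( $_ & 2 ) } 0 .. 7 ]}\n";

# Constructed sample: scratch directories with explicit modes (set via chmod,
# so the process umask does not interfere).
my $root = tempdir( CLEANUP => 1 );
my @dirs;
for my $mode ( 0700, 0750, 0755, 0775, 0757, 0777 ) {
    my $dir = File::Spec->catdir( $root, sprintf 'm%04o', $mode );
    mkdir $dir or die "mkdir $dir: $!";
    chmod $mode, $dir or die "chmod $dir: $!";
    push @dirs, $dir;
}

# A relative entry and a missing directory are added to show both rejections.
my ( $keep, $drop ) = filter_path_dirs( @dirs, '.', "$root/missing" );
print "keep: $_\n" for @$keep;
print "drop: $_\n" for @$drop;
```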

Re^4: and untainting
by syphilis (Canon) on Jul 30, 2009 at 09:43 UTC
    and ( $attr & READONLY )

    That doesn't seem to do quite the same thing. GetAttributes() tells me that neither C:/Windows/System32 nor many of the files in it are READONLY. Yet, I can't write to that directory, or to any of the files in it.


      GetAttributes() (from Win32::File) returns the file attributes that were invented around 1980 for MS-DOS, namely ARCHIVE, DIRECTORY, HIDDEN, READONLY, and SYSTEM, plus three new ones using the remaining bits of a byte, invented somewhere around Windows 98 or NT 4.0: OFFLINE, COMPRESSED, and TEMPORARY. Again, these attributes do not have any relation to the ACLs. Win32::Security::ACL should be able to access the ACLs and to tell you why you can't write to the directory.


      Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
        Thanks for that. A CPAN search for Win32::Security::ACL also turned up Win32::FileSecurity. I haven't yet got into the finer details of comparing them.

