in reply to
Re^4: magic-diamond <> behavior -- WHAT?!
in thread magic-diamond <> behavior -- WHAT?!
What do you mean by "really know"?
introducted this root, not me:
Some of these scripts are run by root, and he may don't even know that they written in Perl, I don't think he checking that there are no files with | or < in their names.
And root access is not a requirement to fall into that trap, ordinary users, who don't even know what Perl is, also can run these scripts.
Running whatever *
while not knowing what *
expands to or what whatever
does is dangerous regardless of the language whatever
is written in. Disabling magic open in Perl isn't going to fix the potential problems with this technique.
It's like saying "let's turn all Toyotas into bumper cars, as there are people crossing the road with their eyes closed". That doesn't make crossing the road with your eyes closed safe - you still get run down by Fords and other cars.