in reply to Re^3: magic-diamond <> behavior -- WHAT?!
in thread magic-diamond <> behavior -- WHAT?!
-
It's no more a security hole than "system" is. Or a kitchen knife a murder weapon. Magic open was there before the fast majority of the current Perl programmers even knew there was such a thing as Perl, and it has been documented that way.
I disagree. system is an explicit call. By analogy, if I were to system(), I would pick up the kitchen knife and know better. With the magic-diamond <>, the knife may magically backstab me without me even realizing what happened ;-) I know now, but how about the uninformed?
I can respect legacy since magic open existed a long time ago. But sometimes legacy needs to change for the sake of security considerations.
-
But with the addition of a single keystroke, that filter won't execute arbitrary shell commands.
Awww man.. now I've got to taint my simple filters? How is this making it easy and safe for common & simple read-only filter operations, like the one in my previous post?
-
And IMO, it's always a good idea to enable tainting if you're running in an environment you cannot trust (but then, if you cannot trust the environment, is such a broad shell expansion a good idea in the first place?)
At $WORK, I can trust that my environment is not hostile. But I don't trust that my environment is error-free. So, you can say it's sort of a semi-trust :-) The last thing I need to worry about is how filenames will affect my Perl filters.
|
---|
Replies are listed 'Best First'. | |
---|---|
Re^5: magic-diamond <> behavior -- WHAT?!
by JavaFan (Canon) on Oct 30, 2008 at 10:07 UTC | |
by repellent (Priest) on Oct 30, 2008 at 17:55 UTC | |
by JavaFan (Canon) on Oct 30, 2008 at 18:21 UTC | |
by repellent (Priest) on Oct 30, 2008 at 20:02 UTC | |
by JavaFan (Canon) on Oct 30, 2008 at 21:39 UTC | |
| |
by ikegami (Patriarch) on Oct 30, 2008 at 20:16 UTC | |
A reply falls below the community's threshold of quality. You may see it by logging in. |
In Section
Seekers of Perl Wisdom