In #perlhelp on EFnet, someone said:

14:01 < mauke> Is this a feature? mkdir tmp; cd tmp; touch 'echo Hello +, world |'; perl -pe1 * 14:03 < mauke> Even better: touch 'rm -rf `echo \\\\57` |'; perl -pe1 +*
The first one is safe to run. It prints "Hello, world". The second one is on most systems not safe to run. It deletes everything it can, starting at /.

This feature is documented in perlop:

You can even set them to pipe commands. For example, this automatically filters compressed arguments through gzip:            @ARGV = map { /\.(gz|Z)$/ ? "gzip -dc < $_ |" : $_ } @ARGV;

So all code using the filehandle ARGV (this includes oneliners using -n or -p) is unsafe if used with shell globs.

Unfortunately, -p and -n are used in a LOT of places. Often in scripts that cron starts once a day. Often running as root. I found 5 root holes on my server system.

The fix is easy, but a lot of typing, which isn't handy for oneliners. You should open the files explicitly, using 3-argument open.

Too bad this is a feature. If it weren't documented, I'd say it's a bug and a very scary one too.


Juerd # { site => '', plp_site => '', do_not_use => 'spamtrap' }