Do you know where your variables are? | |
PerlMonks |
comment on |
( [id://3333]=superdoc: print w/replies, xml ) | Need Help?? |
In #perlhelp on EFnet, someone said: The first one is safe to run. It prints "Hello, world". The second one is on most systems not safe to run. It deletes everything it can, starting at /. This feature is documented in perlop: You can even set them to pipe commands. For example, this automatically filters compressed arguments through gzip: @ARGV = map { /\.(gz|Z)$/ ? "gzip -dc < $_ |" : $_ } @ARGV; So all code using the filehandle ARGV (this includes oneliners using -n or -p) is unsafe if used with shell globs. Unfortunately, -p and -n are used in a LOT of places. Often in scripts that cron starts once a day. Often running as root. I found 5 root holes on my server system. The fix is easy, but a lot of typing, which isn't handy for oneliners. You should open the files explicitly, using 3-argument open. Too bad this is a feature. If it weren't documented, I'd say it's a bug and a very scary one too. :( Juerd # { site => 'juerd.nl', plp_site => 'plp.juerd.nl', do_not_use => 'spamtrap' } In reply to Dangerous diamonds! by Juerd
|
|