in reply to Two-arg open() considered dangerous
Careful thought about that venerable security hole:
demonstrates the truth of what you say. Essentially any API which make data and metadata easily confused should be viewed with suspicion.open(INPUT, param("input"));
But given that the 3 argument open is not documented as of 5.005_03, I would be cautious about suggesting that people use it in any code whose use is meant to be portable. People will have to use sysopen instead, but now you have to go through extra hoops to pull in the right values of your flags from Fcntl.
|
---|
Replies are listed 'Best First'. | |
---|---|
Re: Two-arg open() considered dangerous
by Dominus (Parson) on Dec 12, 2001 at 21:05 UTC | |
Re (chip): Two-arg open() considered dangerous
by chip (Curate) on Dec 12, 2001 at 03:53 UTC | |
Re (chip): Two-arg open() considered dangerous
by chip (Curate) on Dec 12, 2001 at 03:50 UTC | |
by tilly (Archbishop) on Dec 12, 2001 at 03:54 UTC | |
by chip (Curate) on Dec 12, 2001 at 03:58 UTC | |
by ichimunki (Priest) on Dec 13, 2001 at 04:46 UTC |
In Section
Meditations