Tue, 29 Jul 2008

Magic ARGV (considered harmful)

Permanent link

A bunch of threads on the perl5-porters mailing list made me aware of a rather obscure perl 5 feature.

I was quite familiar with the basic form, which goes like this:

while ( <> ) {

This either reads from all files in turn that were given on the command line, or from STDIN if no file name was provided.

Now <> actually uses open internally, specifically the 2 argument form. Which means that anything that is valid as the second argument to open also works in @ARGV:

local @ARGV = ('fortune |');
print while <>;

Instead of trying to open a file called fortune |, it actually executes the command fortune and uses it output for the <> "diamond operator".

This feature can be used for quite some tricky and shiny stuff, but it's also dangerous. If your perl program uses <>, it is vulnerable to the command line argument rm -rf * | and similar things, also known as "arbitrary code execution".

Therefore the perl porters are discussing about disabling this feature, and making the old, magic behaviour available with a command line switch or a pragma.

For me the consequence is "don't use <> with possibly untrusted input".

[/perl-tips] Permanent link