[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index][Top&Search][Original]

Re: [ID 19991230.004] Phrack finds a major perl bug

From: Sam Tregar <sam@tregar.com>
To: Russ Allbery <rra@stanford.edu>
cc: perl5-porters@perl.org
Date: Thu, 6 Jan 2000 20:29:11 -0500 (EST)
Message-ID: <Pine.LNX.4.21.0001062024510.700-100000@zoltar.vm.com>

On 6 Jan 2000, Russ Allbery wrote:

> While I largely agree with this, I think that it may be worth making a
> special exception for nul characters embedded in the middle of file names
> passed to sysopen().  To the user, sysopen is part of Perl, and should be
> able to handle any Perl string or return an error saying that it can't
> create that file.  It's impossible in the Unix file system to create or
> open the file "foo\0bar", so sysopen should return an error.  It should
> *not* silently open "foo" and not tell you that.

I wouldn't be surprised if there are scripts that actually use this
feature.  My reasoning: sticking a null in the middle of a char buffer and
passing it to a system call is a useful C idiom.  The expectation (and the
reality) is that the system call will only look at the pre-null part of
the buffer.  I think it is possible that transplanted C programmers may be
using the same idiom in perl, currently successfully.

Maybe it should be a warning, if it's going to be anything but acceptable?

-sam

Follow-Ups from:: Chip Salzenberg <chip@valinux.com>

References to:: Russ Allbery <rra@stanford.edu>

[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index][Top&Search][Original]