Re: [ID 19991230.004] Phrack finds a major perl bug
On 6 Jan 2000, Russ Allbery wrote:
> While I largely agree with this, I think that it may be worth making a
> special exception for nul characters embedded in the middle of file names
> passed to sysopen(). To the user, sysopen is part of Perl, and should be
> able to handle any Perl string or return an error saying that it can't
> create that file. It's impossible in the Unix file system to create or
> open the file "foo\0bar", so sysopen should return an error. It should
> *not* silently open "foo" and not tell you that.
I wouldn't be surprised if there are scripts that actually use this
feature. My reasoning: sticking a null in the middle of a char buffer and
passing it to a system call is a useful C idiom. The expectation (and the
reality) is that the system call will only look at the pre-null part of
the buffer. I think it is possible that transplanted C programmers may be
using the same idiom in perl, currently successfully.
Maybe it should be a warning, if it's going to be anything but acceptable?
-sam
Follow-Ups from: Chip Salzenberg <chip@valinux.com>
References to: Russ Allbery <rra@stanford.edu>
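
The behaviours debated in this message (silent truncation, an error, or the warning suggested at the end), shown in C as an added example that is not part of the original post or of Perl's source. A counted string (pointer plus length, as Perl stores a scalar) is handed to open(2), which stops at the first NUL; the names `nul_policy`, `effective_len` and `open_counted` and the sample path are assumptions made for the illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical policy names for the three options raised in the thread. */
enum nul_policy { NUL_TRUNCATE, NUL_WARN, NUL_REJECT };

/* Bytes the kernel will act on: everything before the first NUL, if any. */
size_t effective_len(const char *buf, size_t len)
{
    const char *nul = memchr(buf, '\0', len);
    return nul ? (size_t)(nul - buf) : len;
}

/* Open a counted string; returns a descriptor, or -1 with errno set. */
int open_counted(const char *buf, size_t len, int flags, mode_t mode,
                 enum nul_policy policy)
{
    size_t seen = effective_len(buf, len);
    if (seen != len && policy == NUL_REJECT) {
        errno = EINVAL;              /* no Unix file name can hold a NUL */
        return -1;
    }
    if (seen != len && policy == NUL_WARN)
        fprintf(stderr, "warning: name cut at NUL, %zu of %zu bytes used\n",
                seen, len);
    char *path = malloc(seen + 1);   /* NUL-terminated copy for open(2) */
    if (path == NULL)
        return -1;
    memcpy(path, buf, seen);
    path[seen] = '\0';
    int fd = open(path, flags, mode);
    int saved = errno;               /* free() may overwrite errno */
    free(path);
    errno = saved;
    return fd;
}

int main(void)
{
    static const char name[] = "/tmp/nul_demo_foo\0bar";  /* constructed */
    int fd = open_counted(name, sizeof name - 1, O_WRONLY | O_CREAT, 0600,
                          NUL_WARN);  /* warns, then opens /tmp/nul_demo_foo */
    if (fd >= 0) { close(fd); unlink("/tmp/nul_demo_foo"); }
    return fd >= 0 ? 0 : 1;
}
```

With `NUL_TRUNCATE` the call behaves like the C idiom described in the message; with `NUL_REJECT` the caller gets an error instead of a file named only by the prefix.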