Re: Fundamental pipe questions



On 2007-03-31 01:05, Lost Sheep Of the Porn <cdalten@xxxxxxxxx> wrote:
On Mar 30, 11:56 am, "Peter J. Holzer" <hjp-usen...@xxxxxx> wrote:
["Followup-To:" header set to comp.lang.perl.misc.]
On 2007-03-30 14:00, grocery_stocker <cdal...@xxxxxxxxx> wrote:

What's the difference between
open(FOO, "|tr '[a-z]' '[A-Z]'");

and

open(FOO, '|-', "tr '[a-z]' '[A-Z]'");

None.


If both these constructs are the same, then why does perlipc rattle on
about using |- for safe pipe opens?

Look again. perldoc perlipc does NOT advocate the use of
open(FOO, '|-', "tr '[a-z]' '[A-Z]'");
as safe. It tells you to either use
open(FOO, '|-')
and then
exec('tr', '[a-z]', '[A-Z]');
in the child or (for perl >= 5.8.0) use the list form:
open(FOO, '|-', 'tr', '[a-z]', '[A-Z]');
just as I did (in the part you snipped).

The difference is safety doesn't come from separating '|-' from the
command name[0], but from separating the arguments from the program
name. Note that perlipc also uses the LIST form of exec - had they used
exec("tr '[a-z]' '[A-Z]'") instead, the advantage would have been lost.

(In this example, it really doesn't matter since you use a fixed string
hard coded into your script. exec and open only become unsafe if you
construct the arguments from untrusted user input).

hp

[0] In general, open with a MODE is safer than only an EXPR, especially
for '<', and also for '-|' under some circumstances, but I can't
construct a case for '|-'. You should still make a habit of avoiding
the two-argument form of open.

--
_ | Peter J. Holzer | Blaming Perl for the inability of programmers
|_|_) | Sysadmin WSR | to write clearly is like blaming English for
| | | hjp@xxxxxx | the circumlocutions of bureaucrats.
__/ | http://www.hjp.at/ | -- Charlton Wilbur in clpm
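
Added example, not part of the original post: a Perl script that runs the string form and the LIST form of a '|-' pipe open with the same constructed untrusted value for tr's second set, and captures what reaches stdout in each case. The helper feed, the sample value and the marker word INJECTED are assumptions made for this illustration.

```perl
#!/usr/bin/perl
# Added example (not from the thread): string-form vs. LIST-form pipe open
# when one tr(1) argument comes from outside the script.
use strict;
use warnings;
use File::Temp qw(tempfile);

# Hypothetical helper: open a '|-' pipe to @cmd, write $input to it, and
# return whatever the command (or a shell started for it) printed on stdout.
sub feed {
    my ($input, @cmd) = @_;
    my $tmp = tempfile();                       # anonymous temp file
    open(my $saved, '>&', \*STDOUT) or die "dup STDOUT: $!";
    open(STDOUT, '>&', $tmp)        or die "redirect STDOUT: $!";
    # One element in @cmd: string form, handed to /bin/sh when it contains
    # shell metacharacters. Several elements: LIST form, no shell involved.
    my $ok  = open(my $pipe, '|-', @cmd);
    my $err = $!;
    if ($ok) {
        print {$pipe} $input;
        close($pipe);                           # waits for the child to exit
    }
    open(STDOUT, '>&', $saved)      or die "restore STDOUT: $!";
    die "pipe open failed: $err\n" unless $ok;
    seek($tmp, 0, 0);
    local $/;                                   # slurp mode
    my $out = <$tmp>;
    return defined $out ? $out : '';
}

# Constructed sample of untrusted input: a quote and a ';' where SET2 belongs.
my $from = 'a-z';
my $to   = q{A-Z'; echo INJECTED #};

# String form: the value is pasted into a command line that the shell parses.
my $via_shell = feed("hello\n", "tr '$from' '$to'");

# LIST form (perl >= 5.8.0): the value stays one argv element of tr.
my $direct = feed("hello\n", 'tr', $from, $to);

print "string form:\n$via_shell";
print "list form:\n$direct";

# Self-check: only the string form lets the shell run the second command.
die "unexpected result\n"
    unless $via_shell =~ /^INJECTED$/m && $direct eq "HELLO\n";
```

In the LIST form tr simply ignores the extra characters in its second set, so the input is upper-cased and nothing else runs.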