Vincent Lefevre writes ("Re: Potentially insecure Perl scripts"):
> I fear that this is not that simple: I suppose that this will break
> scripts that modify @ARGV to make <> secure. :(

The easiest way to sanitise a string to make it safe for 2-argument
open involves:
 * prepending ./ if the string does not start with /
 * appending \0 (a nul byte)
The result is also a valid operand for 3-argument open.

Now some people may have prepended < needlessly but
 (i) if you thought about this problem this hard you would probably
     try to make your thing compatible with a hypothetical fixed <>
 (ii) we're probably in a small minority of a tiny minority here
 (iii) changing the workaround so it works for both is easy.

So I think this was a reasonable question to ask, but the answer is
that this is very unlikely to be a significant problem.

Ian.

-- 
Ian Jackson <ijack...@chiark.greenend.org.uk>   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.