From owner-cvs-all Thu Jan 4 8:14:23 2001 From owner-cvs-all@FreeBSD.ORG Thu Jan 4 08:14:19 2001 Return-Path: Delivered-To: cvs-all@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id 02E6137B400; Thu, 4 Jan 2001 08:14:18 -0800 (PST) Received: (from des@localhost) by flood.ping.uio.no (8.9.3/8.9.3) id RAA75487; Thu, 4 Jan 2001 17:14:02 +0100 (CET) (envelope-from des@ofug.org) Sender: des@ofug.org X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: Mark Murray Cc: Paul Richards , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/usr.sbin/pkg_install/update pkg_update.pl References: <200101041509.f04F9kY06526@gratis.grondar.za> From: Dag-Erling Smorgrav Date: 04 Jan 2001 17:14:01 +0100 In-Reply-To: Mark Murray's message of "Thu, 04 Jan 2001 17:09:43 +0200" Message-ID: Lines: 15 User-Agent: Gnus/5.0802 (Gnus v5.8.2) Emacs/20.4 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Mark Murray writes: > > > $file not be what you expect, particularly should $file turn out to be > > > "+REQUIRES" since ">+" is a valid open mode. > > This would not be a problem if you used sysopen() instead of open(). > Even better - properly sanitise $file using taint-like checking. This is a crutch, not a cure. The fundamental problem here is that open() mixes information about the type of operation to perform with the name of the file on which to perform that operation - which is very poor API design. My advice is to use sysopen() consistently except for these two cases: open(PIPE, "-|") and open(PIPE, "|-"). DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message