From owner-cvs-all  Thu Jan  4  8:21:24 2001
From owner-cvs-all@FreeBSD.ORG  Thu Jan  4 08:21:21 2001
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Delivered-To: cvs-all@freebsd.org
Received: from mailgate.originative.co.uk (mailgate.originative.co.uk [62.232.68.68])
	by hub.freebsd.org (Postfix) with ESMTP
	id 45B1337B400; Thu,  4 Jan 2001 08:21:21 -0800 (PST)
Received: from freebsd-services.co.uk (lobster.originative.co.uk [62.232.68.81])
	by mailgate.originative.co.uk (Postfix) with ESMTP
	id AAEBE1D140; Thu,  4 Jan 2001 16:21:17 +0000 (GMT)
Sender: paul@originative.co.uk
Message-ID: <3A54A329.3A84087F@freebsd-services.co.uk>
Date: Thu, 04 Jan 2001 16:22:01 +0000
From: Paul Richards <paul@freebsd-services.co.uk>
X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Dag-Erling Smorgrav <des@ofug.org>
Cc: Mark Murray <mark@grondar.za>, Paul Richards <paul@FreeBSD.org>,
	cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/usr.sbin/pkg_install/update pkg_update.pl
References: <xzp8zorla59.fsf@flood.ping.uio.no> <200101041509.f04F9kY06526@gratis.grondar.za> <xzp3dezl2gm.fsf@flood.ping.uio.no>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Dag-Erling Smorgrav wrote:
> 
> Mark Murray <mark@grondar.za> writes:
> > > >   $file not be what you expect, particularly should $file turn out to be
> > > >   "+REQUIRES" since ">+" is a valid open mode.
> > > This would not be a problem if you used sysopen() instead of open().
> > Even better - properly sanitise $file using taint-like checking.

Taint wouldn't actually solve this problem, since + is a valid part of
the filename.

> This is a crutch, not a cure. The fundamental problem here is that
> open() mixes information about the type of operation to perform with
> the name of the file on which to perform that operation - which is
> very poor API design. My advice is to use sysopen() consistently
> except for these two cases: open(PIPE, "-|") and open(PIPE, "|-").

sysopen() is not portable, it is a wrapper to the underlying OS open()
call and as such you have to know what the OS file modes are.

Paul.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message