From: Tom Christiansen <tchrist@mox.perl.com> Subject: TIP: Using magic <ARGV> Date: 22 May 1998 14:10:16 GMT Did you know that when you do: while (<>) it does while (<ARGV>) which auto-opens, pretty much like open(ARGV, $ARGV = shift @ARGV); Did you know that open takes arguments like "foo|" just as happily as it does "foo"? Look at this: $ cmd0 | myscript f1 - "cmd1 2>&1|" f2 "cmd2|cmd3|" f3 The program called *myscript* would first open and process the file ``f1''. Then it would open a file named ``-'', a magic file that means to interpolate standard input, in this case the output from the command ``cmd0''. The next ``file'' in its @ARGV list is ``cmd1 2>&1|'', which isn't a file at all, but a request to run ``cmd2'' with its standard error copied into its standard out. Next comes the plain old file ``f2'', followed by another pipe-looking specification, this one launching two commands, ``cmd2'' feeding into ``cmd3'' and finally into ``myscript''. We end finally with a normal file again. All this is because Perl's *open* is ``magical''--it does special things for you. And the magic ARGV processing just calls Perl's normal `open', which means that ARGV, too, is magical! This is very powerful and flexible. Compare with the tctee example posted a few minutes ago, which uses the same technique but for output opening. Of course, magic ARGV is probably not a good idea in a setuid program. Nor is magic `open', for that matter. But since any security-conscious program should run under taint mode, and both @ARGV and any user-input are be default tainted, Perl would catch someone trying to do naughty things here. For setuid scripts, in fact, it catches it automatically, even without specifying -T on the command line. --tom -- What about WRITING it first and rationalizing it afterwords? :-) --Larry Wall in <8162@jpl-devvax.JPL.NASA.GOV>