[LWN Logo]

From: Tom Christiansen <tchrist@mox.perl.com>
Subject: TIP: Using magic <ARGV>
Date: 22 May 1998 14:10:16 GMT

Did you know that when you do:

    while (<>)

it does 

    while (<ARGV>) 

which auto-opens, pretty much like

    open(ARGV, $ARGV = shift @ARGV);

Did you know that open takes arguments like "foo|" just as
happily as it does "foo"?  Look at this:

    $ cmd0 | myscript f1 - "cmd1 2>&1|" f2 "cmd2|cmd3|" f3

The program called *myscript* would first open and process the file
``f1''. Then it would open a file named ``-'', a magic file that means
to interpolate standard input, in this case the output from the command
``cmd0''. The next ``file'' in its @ARGV list is ``cmd1 2>&1|'', which
isn't a file at all, but a request to run ``cmd2'' with its standard
error copied into its standard out. Next comes the plain old file ``f2'',
followed by another pipe-looking specification, this one launching two
commands, ``cmd2'' feeding into ``cmd3'' and finally into ``myscript''. 
We end finally with a normal file again.

All this is because Perl's *open* is ``magical''--it does special
things for you. And the magic ARGV processing just calls Perl's normal
`open', which means that ARGV, too, is magical!   This is very powerful
and flexible.  Compare with the tctee example posted a few minutes 
ago, which uses the same technique but for output opening.  

Of course, magic ARGV is probably not a good idea in a setuid program. Nor
is magic `open', for that matter. But since any security-conscious
program should run under taint mode, and both @ARGV and any user-input
are be default tainted, Perl would catch someone trying to do naughty
things here. For setuid scripts, in fact, it catches it automatically,
even without specifying -T on the command line. 

--tom
-- 
    What about WRITING it first and rationalizing it afterwords?  :-)
                    --Larry Wall in <8162@jpl-devvax.JPL.NASA.GOV>