![[LWN Logo]](/images/lwn.banner.gif)
From: Tom Christiansen <tchrist@mox.perl.com>
Subject: TIP: Using magic <ARGV>
Date: 22 May 1998 14:10:16 GMT
Did you know that when you do:
while (<>)
it does
while (<ARGV>)
which auto-opens, pretty much like
open(ARGV, $ARGV = shift @ARGV);
Did you know that open takes arguments like "foo|" just as
happily as it does "foo"? Look at this:
$ cmd0 | myscript f1 - "cmd1 2>&1|" f2 "cmd2|cmd3|" f3
The program called *myscript* would first open and process the file
``f1''. Then it would open a file named ``-'', a magic file that means
to interpolate standard input, in this case the output from the command
``cmd0''. The next ``file'' in its @ARGV list is ``cmd1 2>&1|'', which
isn't a file at all, but a request to run ``cmd2'' with its standard
error copied into its standard out. Next comes the plain old file ``f2'',
followed by another pipe-looking specification, this one launching two
commands, ``cmd2'' feeding into ``cmd3'' and finally into ``myscript''.
We end finally with a normal file again.
All this is because Perl's *open* is ``magical''--it does special
things for you. And the magic ARGV processing just calls Perl's normal
`open', which means that ARGV, too, is magical! This is very powerful
and flexible. Compare with the tctee example posted a few minutes
ago, which uses the same technique but for output opening.
Of course, magic ARGV is probably not a good idea in a setuid program. Nor
is magic `open', for that matter. But since any security-conscious
program should run under taint mode, and both @ARGV and any user-input
are be default tainted, Perl would catch someone trying to do naughty
things here. For setuid scripts, in fact, it catches it automatically,
even without specifying -T on the command line.
--tom
--
What about WRITING it first and rationalizing it afterwords? :-)
--Larry Wall in <8162@jpl-devvax.JPL.NASA.GOV>