Re: [groff] [PATCH] Avoid Perl's unsafe "<>" operator
From: Deri
Subject: Re: [groff] [PATCH] Avoid Perl's unsafe "<>" operator
Date: Fri, 01 Mar 2019 16:41:36 +0000
On Thursday, 28 February 2019 19:42:45 GMT Colin Watson wrote:
> On Thu, Jan 24, 2019 at 02:34:35PM +0000, Colin Watson wrote:
> > The "<>" operator is implemented using the two-argument form of "open",
> > which interprets magic such as pipe characters, allowing execution of
> > arbitrary commands which is unlikely to be expected. Perl >= 5.22 has a
> > "<<>>" operator which avoids this, but also forbids the use of "-" to
> > mean the standard input, which is a facility that the affected groff
> > programs document.
>
> [...]
>
> Has anyone had a chance to review this patch (also in
> https://savannah.gnu.org/bugs/?55557, after Deri's suggestion)? Should
> I just go ahead and commit it?
>
> I'm going to upload this patch to Debian unstable shortly in the cause
> of getting release-critical bug fixes in ahead of our upcoming full
> freeze, but it would be better to get it into upstream as well.
>
> Thanks,
Hi Colin,
There appear to be a lot of extra changes in the patch which are not to do
with what we are trying to fix.
There may also be a problem with the gropdf patch. One aspect of using "<>" is
that if there are multiple files on the command line an eof is not signalled
between the files, i.e. after reading the last line of the first file the next
read will be the first line of the next file. This may not have an impact but
the read in the LoadAhead subroutine may be done on a file which is at eof,
rather than the first line of the next file. I admit this may not cause an
issue in normal operation but is a change in behaviour.
I prefer the first solution you suggested, upon which my code was based,
because there will be no change of behaviour. I have been unable to find a way
of defeating this protection method to make "<>" safe. Do you know of a way to
circumvent it?
Cheers
Deri
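
The two behaviours discussed in this message, as an added illustration (not the patch under review, and not Colin's or Deri's code): each name is opened literally with three-argument "open", "-" still means standard input, and lines are delivered as one stream so the caller sees no eof between files. The helper name make_reader and the sample file names are hypothetical, and the sample input is constructed.

```perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Hypothetical helper: returns a closure yielding lines from all inputs as
# one continuous stream, as "<>" does, but opening each name literally.
sub make_reader {
    my @names = @_ ? @_ : ('-');    # no arguments: read standard input
    my ($fh, $is_stdin);
    return sub {
        while (1) {
            if (!defined $fh) {
                return unless @names;            # every input consumed
                my $name = shift @names;
                $is_stdin = ($name eq '-');
                if ($is_stdin) {
                    $fh = \*STDIN;               # keep the documented "-" form
                } elsif (!open($fh, '<', $name)) {   # three-arg: no magic
                    warn "can't open '$name': $!\n";
                    undef $fh;
                    next;
                }
            }
            my $line = <$fh>;
            return $line if defined $line;
            close($fh) unless $is_stdin;
            undef $fh;    # fall through to the next file; caller sees no eof
        }
    };
}

# Constructed sample input: two small files and one name ending in "|".
my $dir   = tempdir(CLEANUP => 1);
my @files = map { "$dir/$_" } qw(a.txt b.txt);
for my $i (0 .. 1) {
    open(my $out, '>', $files[$i]) or die "$files[$i]: $!";
    print {$out} "file $i line 1\nfile $i line 2\n";
    close($out);
}

# The middle name is treated as a plain (missing) file name, nothing is run.
my $next = make_reader($files[0], 'echo not-run |', $files[1]);
while (defined(my $line = $next->())) {
    print $line;    # the read after "file 0 line 2" returns "file 1 line 1"
}
```

A read-ahead call made after the last line of the first file gets the first line of the next file from this reader, which is the "<>" behaviour the message describes.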