_____________________________________________________
Jeff[japhy]Pinyan: Perl, regex, and perl hacker.
s++=END;++y(;-P)}y js++=;shajsj<++y(p-q)}?print:??;

Of course Perl 5.6 has multi-arg open ... I promoted its use in the node that started this thread!

Sheesh, japhy, I know you're busy -- but set an example, please, and read the articles you respond to. OK?

PS: Thanks for the perlopentut reminder.

    -- Chip Salzenberg, Free-Floating Agent of Chaos

I did read it, and that's why I too mentioned multi-arg open()... I was agreeing with you.

_____________________________________________________
Jeff[japhy]Pinyan: Perl, regex, and perl hacker.
s++=END;++y(;-P)}y js++=;shajsj<++y(p-q)}?print:??;

I think anyone starting a filename with whitespace deserves to suffer.

It's not a matter of suffering or not. It's a matter of being able to bypass security.

Suppose a setuid script will only write to a file I own, and I want to attack "fred". I create "(space)fred", it checks with "-O" and notes that I own it, and then proceeds to strip the whitespace on the open. And boom, I've written into a file I don't own.

Do not simply "ignore" special characters, saying "the user will have to suffer". As a bad guy, I could exploit your ignorance (heh), and get in. Bad design, worse results.

-- Randal L. Schwartz, Perl hacker

Bash will tab complete a file beginning with a space as well, but you need to use a quote mark before the space to distinguish it from a normal space...

% touch " tmpfile"
% rm " [TAB-autocomplete]
[download]

-Blake