From: Mark Overmeer Date: Fri, 30 Nov 2007 11:38:20 +0000 (+0100) Subject: Documentation patch on filetests, the filetest pragma, and the X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=ecae030fcfcdbbdfbc6f18beb3ab7e4feaf5d4c6;p=p5sagit%2Fp5-mst-13.2.git Documentation patch on filetests, the filetest pragma, and the special _ filehandle, largely based on : Subject: Re: [perl #46463] filetests sometimes do not set _ Message-ID: <20071130103820.GH12588@earth.overmeer.net> p4raw-id: //depot/perl@32587 --- diff --git a/lib/filetest.pm b/lib/filetest.pm index 0c62741..ed23e3f 100644 --- a/lib/filetest.pm +++ b/lib/filetest.pm @@ -1,6 +1,6 @@ package filetest; -our $VERSION = '1.01'; +our $VERSION = '1.02'; =head1 NAME @@ -21,32 +21,78 @@ This pragma tells the compiler to change the behaviour of the filetest permission operators, C<-r> C<-w> C<-x> C<-R> C<-W> C<-X> (see L). -The default behaviour is to use the mode bits as returned by the stat() -family of calls. This, however, may not be the right thing to do if -for example various ACL (access control lists) schemes are in use. +The default behaviour of file test operators is to use the simple +mode bits as returned by the stat() family of system calls. However, +many operating systems have additional features to define more complex +access rights, for example ACLs (Access Control Lists). For such environments, C may help the permission operators to return results more consistent with other tools. -Each "use filetest" or "no filetest" affects statements to the end of -the enclosing block. +The C or C statements affect file tests defined in +their block, up to the end of the closest enclosing block (they are lexically +block-scoped). -There may be a slight performance decrease in the filetests -when C is in effect, because in some systems -the extended functionality needs to be emulated. +Currently, only the C sub-pragma is implemented. It enables (or +disables) the use of access() when available, that is, on most UNIX systems and +other POSIX environments. See details below. -B: using the file tests for security purposes is a lost cause +=head2 Consider this carefully + +The stat() mode bits are probably right for most of the files and +directories found on your system, because few people want to use the +additional features offered by access(). But you may encounter surprises +if your program runs on a system that uses ACLs, since the stat() +information won't reflect the actual permissions. + +There may be a slight performance decrease in the filetest operations +when the filetest pragma is in effect, because checking bits is very +cheap. + +Also, note that using the file tests for security purposes is a lost cause from the start: there is a window open for race conditions (who is to say that the permissions will not change between the test and the real operation?). Therefore if you are serious about security, just try the real operation and test for its success - think in terms of atomic -operations. +operations. Filetests are more useful for filesystem administrative +tasks, when you have no need for the content of the elements on disk. + +=head2 The "access" sub-pragma + +UNIX and POSIX systems provide an abstract access() operating system call, +which should be used to query the read, write, and execute rights. This +function hides various distinct approaches in additional operating system +specific security features, like Access Control Lists (ACLs) + +The extended filetest functionality is used by Perl only when the argument +of the operators is a filename, not when it is a filehandle. + +=head2 Limitation with regard to C<_> + +Because access() does not invoke stat() (at least not in a way visible +to Perl), B. This means that the +outcome of the following two tests is different. The first has the stat +bits of C in C<_>, and in the second case this still +contains the bits of C. + + { -d '/etc'; + -w '/etc/passwd'; + print -f _ ? 'Yes' : 'No'; # Yes + } + + { use filetest 'access'; + -d '/etc'; + -w '/etc/passwd'; + print -f _ ? 'Yes' : 'No'; # No + } + +Of course, unless your OS does not implement access(), in which case the +pragma is simply ignored. Best not to use C<_> at all in a file where +the filetest pragma is active! -=head2 subpragma access +As a side effect, as C<_> doesn't work, stacked filetest operators +(C<-f -w $file>) won't work either. -Currently only one subpragma, C is implemented. It enables -(or disables) the use of access() or similar system calls. This -extended filetest functionality is used only when the argument of the -operators is a filename, not when it is a filehandle. +This limitation might be removed in a future version of perl. =cut diff --git a/pod/perlfunc.pod b/pod/perlfunc.pod index 529495f..a779b3b 100644 --- a/pod/perlfunc.pod +++ b/pod/perlfunc.pod @@ -344,10 +344,12 @@ Example: The interpretation of the file permission operators C<-r>, C<-R>, C<-w>, C<-W>, C<-x>, and C<-X> is by default based solely on the mode of the file and the uids and gids of the user. There may be other -reasons you can't actually read, write, or execute the file. Such -reasons may be for example network filesystem access controls, ACLs -(access control lists), read-only filesystems, and unrecognized -executable formats. +reasons you can't actually read, write, or execute the file: for +example network filesystem access controls, ACLs (access control lists), +read-only filesystems, and unrecognized executable formats. Note +that the use of these six specific operators to verify if some operation +is possible is usually a mistake, because it may be open to race +conditions. Also note that, for the superuser on the local filesystems, the C<-r>, C<-R>, C<-w>, and C<-W> tests always return 1, and C<-x> and C<-X> return 1 @@ -362,8 +364,11 @@ will test whether the permission can (not) be granted using the access() family of system calls. Also note that the C<-x> and C<-X> may under this pragma return true even if there are no execute permission bits set (nor any extra execute permission ACLs). This strangeness is -due to the underlying system calls' definitions. Read the -documentation for the C pragma for more information. +due to the underlying system calls' definitions. Note also that, due to +the implementation of C, the C<_> special +filehandle won't cache the results of the file tests when this pragma is +in effect. Read the documentation for the C pragma for more +information. Note that C<-s/a/b/> does not do a negated substitution. Saying C<-exp($foo)> still works as expected, however--only single letters