comment on

What do you mean by "really know"?

Heh, you introducted this root, not me:

Some of these scripts are run by root, and he may don't even know that they written in Perl, I don't think he checking that there are no files with | or < in their names.

And root access is not a requirement to fall into that trap, ordinary users, who don't even know what Perl is, also can run these scripts.

Running whatever * while not knowing what * expands to or what whatever does is dangerous regardless of the language whatever is written in. Disabling magic open in Perl isn't going to fix the potential problems with this technique.

It's like saying "let's turn all Toyotas into bumper cars, as there are people crossing the road with their eyes closed". That doesn't make crossing the road with your eyes closed safe - you still get run down by Fords and other cars.

In reply to Re^5: magic-diamond <> behavior -- WHAT?! by JavaFan
in thread magic-diamond <> behavior -- WHAT?! by repellent

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.