1 | package filetest; |
---|
2 | |
---|
3 | =head1 NAME |
---|
4 | |
---|
5 | filetest - Perl pragma to control the filetest permission operators |
---|
6 | |
---|
7 | =head1 SYNOPSIS |
---|
8 | |
---|
9 | $can_perhaps_read = -r "file"; # use the mode bits |
---|
10 | { |
---|
11 | use filetest 'access'; # intuit harder |
---|
12 | $can_really_read = -r "file"; |
---|
13 | } |
---|
14 | $can_perhaps_read = -r "file"; # use the mode bits again |
---|
15 | |
---|
16 | =head1 DESCRIPTION |
---|
17 | |
---|
18 | This pragma tells the compiler to change the behaviour of the filetest |
---|
19 | permissions operators, the C<-r> C<-w> C<-x> C<-R> C<-W> C<-X> |
---|
20 | (see L<perlfunc>). |
---|
21 | |
---|
22 | The default behaviour to use the mode bits as returned by the stat() |
---|
23 | family of calls. This, however, may not be the right thing to do if |
---|
24 | for example various ACL (access control lists) schemes are in use. |
---|
25 | For such environments, C<use filetest> may help the permission |
---|
26 | operators to return results more consistent with other tools. |
---|
27 | |
---|
28 | Each "use filetest" or "no filetest" affects statements to the end of |
---|
29 | the enclosing block. |
---|
30 | |
---|
31 | There may be a slight performance decrease in the filetests |
---|
32 | when C<use filetest> is in effect, because in some systems |
---|
33 | the extended functionality needs to be emulated. |
---|
34 | |
---|
35 | B<NOTE>: using the file tests for security purposes is a lost cause |
---|
36 | from the start: there is a window open for race conditions (who is to |
---|
37 | say that the permissions will not change between the test and the real |
---|
38 | operation?). Therefore if you are serious about security, just try |
---|
39 | the real operation and test for its success. Think atomicity. |
---|
40 | |
---|
41 | =head2 subpragma access |
---|
42 | |
---|
43 | Currently only one subpragma, C<access> is implemented. It enables |
---|
44 | (or disables) the use of access() or similar system calls. This |
---|
45 | extended filetest functionality is used only when the argument of the |
---|
46 | operators is a filename, not when it is a filehandle. |
---|
47 | |
---|
48 | =cut |
---|
49 | |
---|
50 | $filetest::hint_bits = 0x00400000; |
---|
51 | |
---|
52 | sub import { |
---|
53 | if ( $_[1] eq 'access' ) { |
---|
54 | $^H |= $filetest::hint_bits; |
---|
55 | } else { |
---|
56 | die "filetest: the only implemented subpragma is 'access'.\n"; |
---|
57 | } |
---|
58 | } |
---|
59 | |
---|
60 | sub unimport { |
---|
61 | if ( $_[1] eq 'access' ) { |
---|
62 | $^H &= ~$filetest::hint_bits; |
---|
63 | } else { |
---|
64 | die "filetest: the only implemented subpragma is 'access'.\n"; |
---|
65 | } |
---|
66 | } |
---|
67 | |
---|
68 | 1; |
---|