1*0Sstevel@tonic-gatepackage filetest; 2*0Sstevel@tonic-gate 3*0Sstevel@tonic-gateour $VERSION = '1.01'; 4*0Sstevel@tonic-gate 5*0Sstevel@tonic-gate=head1 NAME 6*0Sstevel@tonic-gate 7*0Sstevel@tonic-gatefiletest - Perl pragma to control the filetest permission operators 8*0Sstevel@tonic-gate 9*0Sstevel@tonic-gate=head1 SYNOPSIS 10*0Sstevel@tonic-gate 11*0Sstevel@tonic-gate $can_perhaps_read = -r "file"; # use the mode bits 12*0Sstevel@tonic-gate { 13*0Sstevel@tonic-gate use filetest 'access'; # intuit harder 14*0Sstevel@tonic-gate $can_really_read = -r "file"; 15*0Sstevel@tonic-gate } 16*0Sstevel@tonic-gate $can_perhaps_read = -r "file"; # use the mode bits again 17*0Sstevel@tonic-gate 18*0Sstevel@tonic-gate=head1 DESCRIPTION 19*0Sstevel@tonic-gate 20*0Sstevel@tonic-gateThis pragma tells the compiler to change the behaviour of the filetest 21*0Sstevel@tonic-gatepermission operators, C<-r> C<-w> C<-x> C<-R> C<-W> C<-X> 22*0Sstevel@tonic-gate(see L<perlfunc>). 23*0Sstevel@tonic-gate 24*0Sstevel@tonic-gateThe default behaviour is to use the mode bits as returned by the stat() 25*0Sstevel@tonic-gatefamily of calls. This, however, may not be the right thing to do if 26*0Sstevel@tonic-gatefor example various ACL (access control lists) schemes are in use. 27*0Sstevel@tonic-gateFor such environments, C<use filetest> may help the permission 28*0Sstevel@tonic-gateoperators to return results more consistent with other tools. 29*0Sstevel@tonic-gate 30*0Sstevel@tonic-gateEach "use filetest" or "no filetest" affects statements to the end of 31*0Sstevel@tonic-gatethe enclosing block. 32*0Sstevel@tonic-gate 33*0Sstevel@tonic-gateThere may be a slight performance decrease in the filetests 34*0Sstevel@tonic-gatewhen C<use filetest> is in effect, because in some systems 35*0Sstevel@tonic-gatethe extended functionality needs to be emulated. 36*0Sstevel@tonic-gate 37*0Sstevel@tonic-gateB<NOTE>: using the file tests for security purposes is a lost cause 38*0Sstevel@tonic-gatefrom the start: there is a window open for race conditions (who is to 39*0Sstevel@tonic-gatesay that the permissions will not change between the test and the real 40*0Sstevel@tonic-gateoperation?). Therefore if you are serious about security, just try 41*0Sstevel@tonic-gatethe real operation and test for its success - think in terms of atomic 42*0Sstevel@tonic-gateoperations. 43*0Sstevel@tonic-gate 44*0Sstevel@tonic-gate=head2 subpragma access 45*0Sstevel@tonic-gate 46*0Sstevel@tonic-gateCurrently only one subpragma, C<access> is implemented. It enables 47*0Sstevel@tonic-gate(or disables) the use of access() or similar system calls. This 48*0Sstevel@tonic-gateextended filetest functionality is used only when the argument of the 49*0Sstevel@tonic-gateoperators is a filename, not when it is a filehandle. 50*0Sstevel@tonic-gate 51*0Sstevel@tonic-gate=cut 52*0Sstevel@tonic-gate 53*0Sstevel@tonic-gate$filetest::hint_bits = 0x00400000; # HINT_FILETEST_ACCESS 54*0Sstevel@tonic-gate 55*0Sstevel@tonic-gatesub import { 56*0Sstevel@tonic-gate if ( $_[1] eq 'access' ) { 57*0Sstevel@tonic-gate $^H |= $filetest::hint_bits; 58*0Sstevel@tonic-gate } else { 59*0Sstevel@tonic-gate die "filetest: the only implemented subpragma is 'access'.\n"; 60*0Sstevel@tonic-gate } 61*0Sstevel@tonic-gate} 62*0Sstevel@tonic-gate 63*0Sstevel@tonic-gatesub unimport { 64*0Sstevel@tonic-gate if ( $_[1] eq 'access' ) { 65*0Sstevel@tonic-gate $^H &= ~$filetest::hint_bits; 66*0Sstevel@tonic-gate } else { 67*0Sstevel@tonic-gate die "filetest: the only implemented subpragma is 'access'.\n"; 68*0Sstevel@tonic-gate } 69*0Sstevel@tonic-gate} 70*0Sstevel@tonic-gate 71*0Sstevel@tonic-gate1; 72