Subject: [PATCH] use of magic-open causes failure or worse for some filenames
Date: Wed, 21 Mar 2007 13:43:36 -0400
To: bug-File-MMagic [...] rt.cpan.org
From: Chapman Flack <jflack [...] math.purdue.edu>
checktype_filename uses the one-argument new FileHandle "< $file"
which results in "magic open". As described in
http://perldoc.perl.org/functions/open.html, "One should conscientiously
choose between the magic and 3-arguments form of open()."
The magic form allows filenames with metacharacters that can
cause redirection and command execution, but will also fail
to open legitimate files whose names contain metacharacters.
The conscientious choice depends on the purpose. The most common
purpose of a file-type checking module is to determine the types
of existing named files; it would be odd to use checktype_filename
to determine the content-type of a command pipeline. It would be
very common to use it to determine types of files encountered in
scanning a filesystem, where the scanning program has no prior
knowledge or control over the names it will encounter. As implemented,
a scanner will fail if it hits files whose names contain
metacharacters, and by creating files with clever names, a
user can have commands executed with the privileges of the scanning
program. For these purposes, the conscientious choice is the non-magic
open, which treats all filenames literally.
The attached patch corrects the issue. Users of an unpatched
File::MMagic can work around the issue by opening files
explicitly and using checktype_filehandle instead (but will
lose functionality for non-file and x-bit detection).
Chapman Flack
Purdue Mathematics
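The following script is an added example, not part of the bug report or of File::MMagic. It reproduces the difference between the one-argument "magic" FileHandle open that checktype_filename uses and the name-plus-mode form the attached patch switches to, on names a filesystem scanner can legitimately meet. It goes one step beyond the report's wording: besides a name that the magic form cannot open at all, it shows a name for which the magic form silently reads a different file. All file names and contents below are constructed for the demonstration.

```perl
#!/usr/bin/perl
# Added example; not code from the bug report or from File::MMagic.  It
# compares the one-argument "magic" FileHandle open that checktype_filename
# uses with the name-plus-mode form the patch switches to.  Every file
# name and content below is constructed for the demonstration.
use strict;
use warnings;
use FileHandle;
use File::Temp qw(tempdir);
use Cwd        qw(getcwd);

# Work inside a scratch directory with relative names: the magic form
# strips whitespace only at the ends of the whole string it is handed,
# so a leading space must be at the very start of the name to matter.
my $orig_cwd = getcwd();
my $dir      = tempdir(CLEANUP => 1);
chdir $dir or die "chdir $dir: $!";
END { chdir $orig_cwd if defined $orig_cwd }   # leave before CLEANUP runs

# Two distinct files whose names differ only by a trailing space, plus
# one that exists only with a leading space.
my %files = (
    'report'  => "TYPE-A\n",
    'report ' => "TYPE-B (trailing space)\n",
    ' notes'  => "TYPE-C (leading space)\n",
);
for my $name (sort keys %files) {
    open(my $out, '>', $name) or die "create [$name]: $!";
    print $out $files{$name};
    close $out or die "close [$name]: $!";
}

sub magic_open {              # unpatched: mode and name in one string
    my ($name) = @_;
    return FileHandle->new("< $name");
}

sub literal_open {            # patched: name first, mode as its own argument
    my ($name) = @_;
    return FileHandle->new($name, "<");
}

for my $name (sort keys %files) {
    my $expected = $files{$name};
    chomp $expected;
    for my $v ([magic => \&magic_open], [literal => \&literal_open]) {
        my ($label, $opener) = @$v;
        my $fh = $opener->($name);
        if (!$fh) {
            printf "%-7s [%s] -> open failed: %s\n", $label, $name, $!;
            next;
        }
        my $first = <$fh>;
        close $fh;
        chomp $first;
        my $verdict = $first eq $expected ? 'correct file' : 'WRONG FILE';
        printf "%-7s [%s] -> read \"%s\" (%s)\n", $label, $name, $first, $verdict;
    }
}
```

Run on a Unix-like system, the magic form fails to open the leading-space name and, for the trailing-space name, opens "report" instead and reports its contents without any error; the name-plus-mode form opens all three names literally. For a type-checking module the second case is the worse one, because the caller gets a confident answer about a file it never asked about.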
diff -u MMagic.pm MMagic.pm.new
--- MMagic.pm Tue May 23 01:55:27 2006
+++ MMagic.pm Wed Mar 21 12:24:28 2007
@@ -540,7 +540,7 @@
my $fh;
# $fh = new FileHandle "< $file" or die "$F: $file: $!\n" ;
- $fh = new FileHandle "< $file" or return "x-system/x-error; $file: $!\n" ;
+ $fh = new FileHandle "$file", "<" or return "x-system/x-error; $file: $!\n";
binmode($fh); # for MSWin32
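Review bot: the commented-out line just above the changed one (`# $fh = new FileHandle "< $file" or die "$F: $file: $!\n" ;`) still shows the one-argument "< $file" form; either update it to the same two-argument form or drop it, so that nobody re-introduces the magic open by uncommenting it. In the replacement itself, `new FileHandle "$file", "<"`, the double quotes around `$file` are redundant (`new FileHandle $file, "<"` passes the identical string) but harmless; the point of the change, handing the mode to FileHandle as a separate argument instead of prepending it to the name, is what keeps the file name from being interpreted.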