Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What is the significance of -T or -w in #!/usr/bin/perl?

I googled about #!/usr/bin/perl, but I could not find any satisfactory answer. I know it’s a pretty basic thing, but still, could explain me what is the significance of #!/usr/bin/perl in Perl? Moreover, what does -w or -T signify in #!/usr/bin/perl? I am a newbie to Perl, so please be patient.

like image 784
vijay Avatar asked Jun 29 '12 06:06

vijay


3 Answers

It's called a shebang. On Unix based systems (OSX, Linux, etc...) that line indicates the path to the language interpreter when the script is run from the command line. In the case of perl /usr/bin/perl is the path to the perl interpreter. If the hashbang is left out the *nix systems won't know how to parse the script when invoked as an executable. It will instead try to interpret the script in whatever shell the user happens to be running (probably bash) and break the script.

http://en.wikipedia.org/wiki/Hashbang

The -W and -T are arguments that controll the way the perl interpreter operates. They are the same arguments that you could invoke when calling perl interpreter directly from the command line.

  • -W shows warnings (aka debuging information).
  • -T turns on taint / security checking.
like image 103
Jordan Shute Avatar answered Oct 20 '22 12:10

Jordan Shute


The #! is commonly called a "shebang" and it tells the computer how to run a script. You'll also see lots of shell-scripts with #!/bin/sh or #!/bin/bash.

So, /usr/bin/perl is your Perl interpreter and it is run and given the file to execute.

The rest of the line are options for Perl. The "-T" is tainting (it means input is marked as "not trusted" until you check it's format). The "-w" turns warnings on.

You can find out more by running perldoc perlrun (perldoc is Perl's documentation reader, might be installed, might be in its own package).

For scripts you write I would recommend starting them with:

#!/usr/bin/perl
use warnings;
use strict;

This turns on lots of warnings and extra checks - especially useful while you are learning (I'm still learning and I've been using Perl for more than 10 years now).

like image 34
Richard Huxton Avatar answered Oct 20 '22 14:10

Richard Huxton


Both -w and -T are sort of "foolproof" flags.

-w is the same as use warning statement in your code, and it's an equivalent of warning option in many compilers. A simplest example would be a warning about using uninitialized variable:

#!/usr/bin/perl -w
print "$A\n";
print "Hello, world!\n";

Will print:

Name "main::A" used only once: possible typo at ./perl-warnings line 3.
Use of uninitialized value $A in concatenation (.) or string at
./perl-warnings line 3.

Hello, world!

The -T flag means that any value that came from the outside world (as opposite to being calculated inside the program) is considered potential threat, and disallows usage of such values in system-related operations, like writing files, executing system command, etc. (That's why Perl would activate the "taint" mode when the script is running under setuid/setgid.)

The "tainted" mode is "enforcing" you to double-check the value inside the script.

E.g., the code:

#!/usr/bin/perl -T
$A = shift;
open FILE, ">$A";
print "$A\n";
close FILE;

Will produce a fatal error (terminating the program):

$ ./perl-tainted jkjk
Insecure dependency in open while running with -T switch at
./perl-tainted line 3.

And that's only because the argument value came from "outside" and was not "double-checked". The "taint" mode is drawing your attention to that fact. Of course, it's easy to fool it, e.g.:

#!/usr/bin/perl -T
$A = shift;
$A = $1 if $A =~ /(^.*$)/;
open FILE, ">$A";
print "$A\n";
close FILE;

In this case everything worked fine. You "fooled" the "taint mode". Well, the assumption is that programer's intentions are to make the program safer, so the programmer wouldn't just work around the error, but would rather take some security measures. One of Perl's nicknames is "the glue and the duct tape of system administrators". It's not unlikely that system administrator would create Perl script for his own needs and would run it with root permissions. Think of this script doing something normal users are not allowed to do... you probably want to double-check things which are not part of the program itself, and you want Perl to remind you about them.

Hope it helps.

like image 30
Peter Al Avatar answered Oct 20 '22 14:10

Peter Al