cmpstat#

Check whether a filehandle and a pathname refer to the same file — used to guard against race-based substitution attacks.

Synopsis#

cmpstat($fh, $path) or die "fh/path diverged";

What you get back#

A truthy value if the check passes, 0 otherwise. A passing result is a necessary precondition for safe unlink0-style operations.

Differences from upstream#

  • Upstream compares every field of stat and fstat. This implementation only verifies that $path exists as a regular file; the detailed comparison is not performed. Callers that rely on it for security should add their own verification. Covered by t/81-xs-native/File-Temp/*.t.

See also#

  • unlink0 — wraps cmpstat in the full unlink-while-open flow.

  • safe_level — controls how aggressively these checks are applied.