Aanhalen Dave Palmer <[EMAIL PROTECTED]>:
>
> Also... -T can be your friend, espcially with CGI
>
> ./dave
>
> >
> > Dave Palmer wrote:
> >
> > : Your working script is *definitely* the way you want to go...
> > its generally
> > : a no-no to ever give user 'nobody' (e.g. web server) access to
> > your shell
> > : (which is what is happening with the system() call).
> >
> > I wouldn't be so restrictive about it; sometimes it's necessary
> > to launch a
> > subprocess. You just need to know how to do it without opening a
> > shell. The
> > given example:
> >
> > : > system "(/usr/sbin/ping -sRv -I 1 $pnode 64
> 5)>/tmp/pingresults.$$";
> >
> > is bad bad bad because it opens a shell to run the command. (Hint:
> > What does the argument to system() look like if someone enters a
> $pnode
> > of "foo; rm -rf *"?)
> >
> > This can be avoided by calling the a) not having any shell
> > metacharacters, like () and >, in the command line, and b) passing the
> > command and command-line options to system() or exec() as a list
> > instead of a string. Here's a safer example:
> >
> > open PINGRESULTS, ">/tmp/pingresults.$$" or die $!;
> > open PING, "-|" or exec "/usr/sbin/ping", "-sRv", "-I", "1",
> > $pnode, 64, 5);
> > while (<PING>) { print PINGRESULTS; }
> > close PING;
> > close PINGRESULTS;
> >
> > Wordier, but safer, because the exec() doesn't open a shell to run the
> > command. (Yes, I know ">/tmp/pingresults.$$" does open a shell, but
> the
> > only variable in it is the process ID, and that's not coming from
> > outside the script, so it would pass a taint check.)
> >
> > : In fact, I wouldn't be surprised if the sys admin. doesn't allow
> user
> > : 'nobody'
> > : to do much of anything :)
> >
> > 'nobody' is usually defined not to have a default shell, valid
> > group id, etc.
> > That doesn't mean, though, that it shouldn't be allowed to
> > interact with the
> > system when it needs to. You can't write everything in Perl. ;)
> >
> > -- tdk
>
