On 2/21/07, Gsandtner Michael <[EMAIL PROTECTED]> wrote:

> system("/home/foo/nosuid-example arg");
> system("/home/foo/nosuid-example \"arg\"");

The difference between these two is that the first runs the example
program, but the second runs a shell and asks it to run the example
program.

When your single argument to system contains shell metacharacters,
such as double quote marks, that string is passed to /bin/sh. That's
the program that knows what to do with those metacharacters. (It's
also the program that's not passing on the set-id state to its child
process, of course. That sounds like a security feature.)

If you don't want to involve a shell, pass a list of arguments to
system. The first item in the list is the program to invoke, and the
remaining items are the arguments to that program, with no extra
quotes needed.

Hope this helps!

--Tom Phoenix
Stonehenge Perl Training
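
The difference described in the message above, as an added example that is not part of the original post. It assumes a POSIX system with printf on the PATH (a stand-in for nosuid-example); $arg is a constructed value and run_no_shell is a hypothetical helper name.

```perl
#!/usr/bin/perl
use strict;
use warnings;

$| = 1;    # keep our output ordered with the children's output

# Constructed argument containing shell metacharacters.
my $arg = 'report.txt; echo INJECTED';

# Hypothetical helper: run a command without a shell and return its
# exit status, or -1 if it could not be run or died from a signal.
sub run_no_shell {
    my @cmd = @_;
    # Block form: $cmd[0] is exec'd directly even if @cmd has only one
    # element; plain system(@cmd) would treat that case as a string.
    my $rc = system { $cmd[0] } @cmd;
    if ($rc == -1) { warn "could not run $cmd[0]: $!\n"; return -1 }
    if ($? & 127)  { warn "$cmd[0] died from signal ", $? & 127, "\n"; return -1 }
    return $? >> 8;
}

# String form: the quotes and ';' are metacharacters, so perl runs
# /bin/sh -c "..." and the shell splits this into two commands.
print "string form:\n";
system("printf '[%s]\\n' $arg");

# List form: printf receives the whole value as one argument.
print "list form:\n";
my $status = run_no_shell('printf', '[%s]\n', $arg);
print "exit status: $status\n";
```

In the string form the text after the semicolon runs as a second command; in the list form it stays inside the single bracketed argument.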
