Dave Palmer wrote:

: Your working script is *definitely* the way you want to go... it's generally
: a no-no to ever give user 'nobody' (e.g. web server) access to your shell
: (which is what is happening with the system() call).

I wouldn't be so restrictive about it; sometimes it's necessary to launch a
subprocess.  You just need to know how to do it without opening a shell. The
given example:

: > system "(/usr/sbin/ping -sRv -I 1 $pnode 64 5)>/tmp/pingresults.$$";

is bad bad bad because it opens a shell to run the command. (Hint:
What does the argument to system() look like if someone enters a $pnode
of "foo; rm -rf *"?)

This can be avoided by a) not having any shell
metacharacters, like () and >, in the command line, and b) passing the
command and command-line options to system() or exec() as a list
instead of a string.  Here's a safer example:

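open PINGRESULTS, ">/tmp/pingresults.$$" or die $!;
# Forking open: returns the child's pid in the parent, 0 in the child, undef on failure.
my $pid = open PING, "-|";
die "fork failed: $!" unless defined $pid;
# Child: exec() with a list, so no shell ever parses $pnode.
if ($pid == 0) { exec("/usr/sbin/ping", "-sRv", "-I", "1", $pnode, 64, 5) or die "exec failed: $!"; }
while (<PING>) { print PINGRESULTS; }
close PING;
close PINGRESULTS;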

Wordier, but safer, because the exec() doesn't open a shell to run the
command. (Yes, I know ">/tmp/pingresults.$$" does open a shell, but the
only variable in it is the process ID, and that's not coming from
outside the script, so it would pass a taint check.)

: In fact, I wouldn't be surprised if the sys admin. doesn't allow user
: 'nobody'
: to do much of anything :)

'nobody' is usually defined not to have a default shell, valid group id, etc.
That doesn't mean, though, that it shouldn't be allowed to interact with the
system when it needs to. You can't write everything in Perl. ;)

-- tdk
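
Added example, not part of the original post: the string form and the list form discussed above, run side by side on the same input. The helper names valid_node and run_no_shell, the allowlist pattern, the perl one-liner standing in for /usr/sbin/ping, and the sample inputs are all assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical allowlist: host name or IPv4 address only. The leading
# character must be alphanumeric, so a value cannot pose as an option.
sub valid_node {
    my ($node) = @_;
    return $node =~ /\A[A-Za-z0-9][A-Za-z0-9.-]{0,252}\z/ ? 1 : 0;
}

# List-form pipe open (Perl 5.8+): forks and execs @cmd directly, so each
# list element arrives as exactly one argv entry and no shell is involved.
sub run_no_shell {
    my @cmd = @_;
    open(my $fh, '-|', @cmd) or die "cannot run $cmd[0]: $!";
    chomp(my @out = <$fh>);
    close($fh) or warn "$cmd[0] exited with status $?\n";
    return @out;
}

# Stand-in for /usr/sbin/ping so the demo runs offline: a perl one-liner
# that prints every argument it receives, one per line, in brackets.
my @probe = ($^X, '-e', 'print "[$_]\n" for @ARGV', '--');

# Constructed sample inputs; the second carries a harmless marker command.
for my $pnode ('localhost', 'localhost; echo INJECTED') {
    print "input: $pnode\n";

    # String form, as in the original system() call: /bin/sh parses the
    # line, so the ';' ends one command and starts another.
    chomp(my @shell = `echo target=$pnode`);
    print "  string form -> $_\n" for @shell;

    # List form: the whole value stays a single argument.
    print "  list form   -> $_\n" for run_no_shell(@probe, $pnode);

    # Validation still applies before the real command is built.
    print "  valid_node  -> ", (valid_node($pnode) ? "accept" : "reject"), "\n";
}
```

The list form keeps the shell out of the picture, but the program still receives whatever string was supplied, so the allowlist check belongs in front of it.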
