> Bob Mangold <[EMAIL PROTECTED]> said:
> This is somewhat alarming to me because I hadn't realized this potential
> before, but is there an easy way to check what is being opened? Would using a
> -f() or -d() to verify that you were actually opening a file or directory do
> the trick?

Be mindful that you can only execute a command when doing a pipe open. What
perl does under the covers is take the second argument as a command string
and execute the command string as a shell command. The shell is a very
general-purpose scripting language and you can do all sorts of unintended
stuff with it.

The rule here is do not trust anything the user sends you as input. If you
really do not trust executing a shell when doing a pipe open, you can roll
your own interprocess communication primitives with the pipe, exec, and fork
functions.

--
Smoot Carl-Mitchell
Consultant
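
An added example, not part of the original message: one way to build the pipe/fork/exec approach described above so that a user-supplied value reaches the child as a single literal argument and no shell ever parses it. The helper name `run_noshell` and the sample input are constructed for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX ();

# Run a command and capture its stdout without invoking a shell.
# run_noshell() is a hypothetical helper name used for this example.
sub run_noshell {
    my @cmd = @_;                   # program and arguments, one element each

    pipe(my $reader, my $writer) or die "pipe failed: $!";
    my $pid = fork();
    die "fork failed: $!" unless defined $pid;

    if ($pid == 0) {                # child: stdout becomes the pipe's write end
        close $reader;
        open(STDOUT, '>&', $writer) or POSIX::_exit(126);
        close $writer;
        # Indirect-object form of exec: the list goes straight to execvp(),
        # so shell metacharacters in any element are never interpreted.
        exec { $cmd[0] } @cmd or print STDERR "exec failed: $!\n";
        POSIX::_exit(127);          # leave the child without running parent cleanup
    }

    close $writer;                  # parent: read until the child closes its end
    my @out = <$reader>;
    close $reader;
    waitpid($pid, 0);
    return ($? >> 8, @out);         # child's exit status, then its output lines
}

# Constructed sample standing in for a value that came from user input.
my $untrusted = 'report.txt; echo INJECTED';

# $^X is the running perl binary; the child only echoes its argument back,
# which shows the whole string arriving as one literal argument.
my ($status, @out) = run_noshell(
    $^X, '-e', 'print "arg=[$ARGV[0]]\n"', $untrusted,
);

print "exit status: $status\n";
print @out;
```

On Perl 5.8 and later, the list form `open(my $fh, '-|', @cmd)` gives the same no-shell behaviour in a single call on platforms that support forking.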