PerlMonks  

Re: Dangerous Characters for system calls

by graff (Chancellor)
on Oct 15, 2013 at 23:53 UTC


in reply to Dangerous Characters for system calls

Following up on the 2nd reply (++ on that one), I think it's hard to imagine a situation where the content from an email form "has to be passed through various Linux system calls." Maybe you think it has to, but I suspect you're wrong.

Whatever Linux processes you're talking about, there are bound to be ways to do what you intend to do without exposing untrusted text to a shell command line.

As for what the "risky" characters are, it's likely that all ASCII characters that match [^^/%@+\w-] are able to invoke "non-literal meanings" in a bash command line. Some (like ~ or #) might only do this if they occur in certain positions.

As for any non-ASCII characters that might happen to show up from a web form, well, who knows... I'd rather not have to experiment with that.
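An added example, not part of graff's post: the list form of Perl's `system` runs a program without `/bin/sh`, so form text arrives as one literal argument, and the check reuses the character class quoted in the post. The sample strings are constructed, `risky_chars` is a hypothetical helper name, and an external `printf` command is assumed to be on `PATH`.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed samples standing in for untrusted text from a web form.
my @samples = (
    'report-2013/10%final+v2',
    'alice@example.com',
    'bob; echo INJECTED',
    '$(echo INJECTED)',
    '~root',
);

# Return the distinct characters that fall outside the post's class
# [^^/%@+\w-]. The @ is backslashed so Perl never treats it as an array
# sigil, and /a keeps \w ASCII-only so non-ASCII input is reported too.
sub risky_chars {
    my ($text) = @_;
    my %seen;
    $seen{$_}++ for $text =~ m{([^^/%\@+\w-])}ag;
    return sort keys %seen;
}

for my $text (@samples) {
    my @bad = risky_chars($text);
    printf "%-26s outside class: %s\n", $text,
        @bad ? join(' ', map { "[$_]" } @bad) : 'none';

    # List form: Perl executes printf directly with these arguments.
    # No shell parses $text, so ';', '$(' and '~' stay literal bytes.
    system('printf', '  passed as argv: %s\n', $text) == 0
        or warn "printf exited with status $?\n";

    # The single-string form, system("printf '%s\\n' $text"), would hand
    # the whole line to /bin/sh whenever it contains shell metacharacters;
    # that is the exposure the post recommends avoiding.
}
```

Every sample comes back from `printf` unchanged, including the ones the class flags, because nothing in the list-form call interprets them.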
