Beefy Boxes and Bandwidth Generously Provided by pair Networks
Welcome to the Monastery

(jeffa) Re: Run arbitrary UNIX commands on webserver without telnet

by jeffa (Bishop)
on Oct 30, 2001 at 20:59 UTC ( #122133=note: print w/replies, xml ) Need Help??

in reply to Run arbitrary UNIX commands on webserver without telnet

This sounds like a job for SOAP. Also notice the use of the lookup table - instead of allowing the user to send arbitrary commands, only allow them a handlful of tokens that you consider safe:
package RPC; sub new { my $proto = shift; my $class = ref($proto) || $proto; my $self = { ls => 'ls -la' top => 'top -b -n1' who => 'w' }; return bless $self, $class; } sub exec { my ($self,$cmd) = @_; $cmd = $self{$cmd} || return "bad command\n"; `$cmd`; }
Take a gander at SOAP::Lite for more info, also check out $code or die's review on the module.

Update: I should mention that if you actually want the user to be able to have 'state', then you need to add sessions - check out Apache::Session. For example, if the user issues 'cd /' and then 'pwd' - the result of the 'pwd' will show that they are back at their home directory, and not root.

But, if they need that - then you really should just use ssh. :)


  • Comment on (jeffa) Re: Run arbitrary UNIX commands on webserver without telnet
  • Download Code

Replies are listed 'Best First'.
Re: (dmm): Run arbitrary UNIX commands on webserver without telnet
by dmmiller2k (Chaplain) on Oct 30, 2001 at 23:26 UTC

    I can see this discussion has somehow gone off on a tangent.

    This approach was NOT (repeat: NOT) ever meant for USERS to see, much less use.

    It is, temporarily, a way to:
    • find out the cwd (e.g., by running 'pwd'), for example, in order to install some script you got from somewhere that needs to know where it is installed,
    • unpack a gzipped tarball you just FTP'ed onto a site ('zcat whatever.tar.gz|tar -xvf -'),
    • determine the version of perl you're running ('perl -V')
    • etc.

    Once again, this is not for users. It is for me, the developer!


    You can give a man a fish and feed him for a day ...
    Or, you can teach him to fish and feed him for a lifetime
      Ah, okay - i see the difference now. But remember this, it is for you AND anyone who hacks your packets while you run this.


      You can give a man a fire and warm him for a day . . .
      or you could set the man on fire and keep him warm for a lifetime

      (quote stolen from boo_radley)



Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://122133]
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others exploiting the Monastery: (2)
As of 2017-11-19 05:19 GMT
Find Nodes?
    Voting Booth?
    In order to be able to say "I know Perl", you must have:

    Results (278 votes). Check out past polls.