Beefy Boxes and Bandwidth Generously Provided by pair Networks
Do you know where your variables are?
 
PerlMonks  

(jeffa) Re: Run arbitrary UNIX commands on webserver without telnet

by jeffa (Chancellor)
on Oct 30, 2001 at 20:59 UTC ( #122133=note: print w/ replies, xml ) Need Help??


in reply to Run arbitrary UNIX commands on webserver without telnet

This sounds like a job for SOAP. Also notice the use of the lookup table - instead of allowing the user to send arbitrary commands, only allow them a handlful of tokens that you consider safe:

package RPC; sub new { my $proto = shift; my $class = ref($proto) || $proto; my $self = { ls => 'ls -la' top => 'top -b -n1' who => 'w' }; return bless $self, $class; } sub exec { my ($self,$cmd) = @_; $cmd = $self{$cmd} || return "bad command\n"; `$cmd`; }
Take a gander at SOAP::Lite for more info, also check out $code or die's review on the module.

Update: I should mention that if you actually want the user to be able to have 'state', then you need to add sessions - check out Apache::Session. For example, if the user issues 'cd /' and then 'pwd' - the result of the 'pwd' will show that they are back at their home directory, and not root.

But, if they need that - then you really should just use ssh. :)

jeffa


Comment on (jeffa) Re: Run arbitrary UNIX commands on webserver without telnet
Download Code
Re: (dmm): Run arbitrary UNIX commands on webserver without telnet
by dmmiller2k (Chaplain) on Oct 30, 2001 at 23:26 UTC

    I can see this discussion has somehow gone off on a tangent.

    This approach was NOT (repeat: NOT) ever meant for USERS to see, much less use.

    It is, temporarily, a way to:
    • find out the cwd (e.g., by running 'pwd'), for example, in order to install some script you got from somewhere that needs to know where it is installed,
    • unpack a gzipped tarball you just FTP'ed onto a site ('zcat whatever.tar.gz|tar -xvf -'),
    • determine the version of perl you're running ('perl -V')
    • etc.

    Once again, this is not for users. It is for me, the developer!

    dmm

    
    You can give a man a fish and feed him for a day ...
    Or, you can teach him to fish and feed him for a lifetime
    
      Ah, okay - i see the difference now. But remember this, it is for you AND anyone who hacks your packets while you run this.

      jeffa

      You can give a man a fire and warm him for a day . . .
      or you could set the man on fire and keep him warm for a lifetime

      (quote stolen from boo_radley)

        touché

        dmm

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://122133]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others taking refuge in the Monastery: (11)
As of 2014-12-28 02:31 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (178 votes), past polls