Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister

Re: Re: Printing current date and time

by jens (Pilgrim)
on Sep 23, 2002 at 06:16 UTC ( #200022=note: print w/replies, xml ) Need Help??

in reply to Re: Printing current date and time
in thread Printing current date and time

What, if any, safety considerations are there in going with the simple backtick solution?
Are we afraid of a Trojanned date program?

What other security risks might we encounter here?

Microsoft delendum est.

Replies are listed 'Best First'.
Re3: Printing current date and time
by blakem (Monsignor) on Sep 23, 2002 at 08:31 UTC
    The biggest security concern with print `date` is not that system's date binary has been trojaned. If that were the case, you're already screwed. I'd be more concerned that combined with some sort of path munging, an entirely different file named date could be executed. If it used an absolute path name, I dont think there would be much of a security concern at all. i.e. print `/bin/date` would be a step in the right direction.

    From a coding standpoint, shelling out trivial things like this is a performance hit, and I'd flag it in any program that wasn't a throwaway. Of course, virtualsue, only advocated it for use in quick 'n dirty stuff anyway.


Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://200022]
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (7)
As of 2018-05-22 19:59 GMT
Find Nodes?
    Voting Booth?