Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change
 
PerlMonks  

Re: Re: Printing current date and time

by jens (Pilgrim)
on Sep 23, 2002 at 06:16 UTC ( #200022=note: print w/ replies, xml ) Need Help??


in reply to Re: Printing current date and time
in thread Printing current date and time

What, if any, safety considerations are there in going with the simple backtick solution?
Are we afraid of a Trojanned date program?

What other security risks might we encounter here?

--
Microsoft delendum est.


Comment on Re: Re: Printing current date and time
Re3: Printing current date and time
by blakem (Monsignor) on Sep 23, 2002 at 08:31 UTC
    The biggest security concern with print `date` is not that system's date binary has been trojaned. If that were the case, you're already screwed. I'd be more concerned that combined with some sort of path munging, an entirely different file named date could be executed. If it used an absolute path name, I dont think there would be much of a security concern at all. i.e. print `/bin/date` would be a step in the right direction.

    From a coding standpoint, shelling out trivial things like this is a performance hit, and I'd flag it in any program that wasn't a throwaway. Of course, virtualsue, only advocated it for use in quick 'n dirty stuff anyway.

    -Blake

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://200022]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others pondering the Monastery: (7)
As of 2014-10-23 04:48 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    For retirement, I am banking on:










    Results (124 votes), past polls