Hmm...
The wrapper script doesn't elevate privileges in any way so if you want to touch /root/evilfile then you need root privileges. In which case you can touch whatever you like. Or am I missing something?
Also, I think in your proposal the data on STDIN would be lost, but I have not tested it either. Using eof() is a simpler way to check for data but in practice it wouldn't save anything in this case. Reading from an EOF handle shouldn't take long, and if it's not EOF then I need to read the data anyway. (Or pass it to /bin/mail some other way?)
-- FloydATC
Time flies when you don't know what you're doing
| [reply] [d/l] [select] |
But if you wanted to send an e-mail with "; touch /root/evilfile" as a subject, you will end up creating a file instead. Also, arguments containing spaces simply break, because, given @ARGV=("login@host", "-s", "some topic") you run /bin/mail login@host -s some topic - without quotes or (preferrably) stating array of command line arguments (multi-argument form of open/system/exec).
Examples of bad behaviour which can be solved using open(my $ch, "|-", "/bin/mail", @ARGV):
$ cat if-mail.pl
#!/usr/bin/perl
exit 0 unless (my @lines = <STDIN>);
open(my $mail, "|-", join " ", "/usr/bin/mail", @ARGV) or die $!;
print $mail @lines;
$ LC_ALL=C ./if-mail.pl root@localhost -s "do not run echo; touch ~/zz
+z && ls ~/zzz - it does not make sense"
TEST
^D
ls: cannot access -: No such file or directory
ls: cannot access it: No such file or directory
ls: cannot access does: No such file or directory
ls: cannot access not: No such file or directory
ls: cannot access make: No such file or directory
ls: cannot access sense: No such file or directory
/home/aitap/zzz
$ ./if-mail.pl root@localhost -s "try running echo *"
TEST
^D
Trying to read the mail, I get:
Also, I think in your proposal the data on STDIN would be lost, but I have not tested it either.
I was thinking about the simpliest way of passing the STDIN by just jeaving it to the process being executed, but yes, using eof on STDIN before the exec does indeed lose the first line of input (even on pipes). I have not figured a way around this, neither $|++ nor setbuf helped.
| [reply] [d/l] [select] |