Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid
 
PerlMonks  

Re: perl -s is evil?

by blakem (Monsignor)
on Nov 15, 2001 at 05:52 UTC ( #125485=note: print w/ replies, xml ) Need Help??


in reply to perl -s is evil?

Yes, -s is very bad, but I hadn't realized just how bad until you posted this.... Among the many globals that I could tweak with -s were $< $> $) and $( which should raise a huge security flag for anyone whos read perlvar. For instance, when saved as evildashs.pl, and envoked as:

% ./evildashs.pl -\<=0 -\>=0 -\(=0 -\)=0

The following code might raise some eyebrows....

#! /usr/bin/perl -wsT use strict; print "\$) = ", $), "\n"; print "\$( = ", $(, "\n"; print "\$< = ", $<, "\n"; print "\$> = ", $>, "\n"; __END__ =head1 OUTPUT $) = 0 $( = 0 $< = 0 $> = 0
I don't think this actually gives the process any new powers, but it would allow someone to execute code that was only supposed to be invoked as root.

Oh, right. I should include the obligatory link to Getopt::Std and Getopt::Long for a much better way to handle command line options.

-Blake


Comment on Re: perl -s is evil?
Download Code
Replies are listed 'Best First'.
Re: Re: perl -s is evil?
by belg4mit (Prior) on Nov 15, 2001 at 21:28 UTC
    Of course Getopt::* isn't actually a solution either. One could simply do perl -s ./IUseGetOptToAvoidEvilDashes.pl -\<=0 -\>=0 -\(=0 -\)=0

    But I agree it is disconcerting, though I wouldn't go so far as to call -s evil.

    -- perl -p -e "s/(?:\w);(<A HREF="/index.pl?node=st&lastnode_id=2437">st< +/A>)/'\$1/mg"

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://125485]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others chanting in the Monastery: (20)
As of 2015-07-29 15:00 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (263 votes), past polls