PerlMonks  

Expect CGI problems

by packetstormer (Monk)
on Aug 15, 2011 at 19:23 UTC ( [id://920336]=perlquestion )

packetstormer has asked for the wisdom of the Perl Monks concerning the following question:

Hello!

I am having a strange problem when trying to run a script via CGI. The code is below and when run as the www-data user at the console the script runs fine. There are no errors in any of the Apache logs and there are no errors to screen. Can anyone suggest anything?

#!/usr/bin/perl

use diagnostics;
use warnings;
use strict;

use Expect;
use CGI::Carp qw( fatalsToBrowser );

$|=1;

print "Content-type: text/html\n\n";

my $timeout = 10;
my $user = "mysqladmin";
my $pass = "mysqlpassword";
my $database = "items";
my $backup_path = '/tmp/b2.sql';
my $su_user = "anotheruser";
my $su_password = "password";

# Build su command and env
my $cmd = "su -s /bin/sh";
my $run = "$cmd $su_user -c \"mysqldump -v -u $user --password=$pass "
        . "$database > $backup_path\"";

# Check output on screen - remove when live.
print $run;
print "<br/>";

my $exp = Expect->spawn($run) or die "Cannot spawn command \n";
$exp->expect($timeout, ["Password:"]);
$exp->send("$su_password\n");

Replies are listed 'Best First'.
Re: Expect CGI problems
by ww (Archbishop) on Aug 15, 2011 at 20:18 UTC

    I'm glassy-eyed at the moment, so can't offer anything directly responsive to your immediate question... but line 27 set off my alarms.

    # Check output on screen - remove when live.

    That's NOT all you need to remove:

    use diagnostics; and use CGI::Carp qw( fatalsToBrowser ); don't belong in a live script; especially fatalsToBrowser. That gives someone with malicious intent information you don't need to offer.

    As to the uname and p/w data in lines 15-20, you'll find numerous threads here on alternate ways to provide better security; as it is, Apache (or whatever server you're using) need only hiccup at just the wrong moment, and you've given away the store; in fact, not just the store, but also the block and city.

    See also those threads dealing with "placeholders" for additional safety tips.
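
The hardening points raised in the reply above, shown as an added example (not code from the thread or from any poster): no diagnostics or fatalsToBrowser, nothing echoed to the browser, and no credentials in the script source. The config path, its key names, the helper names load_conf and run_backup, and the 300-second limit are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not the original poster's script.
use strict;
use warnings;
use Expect;
# Hypothetical path: outside the web root, mode 0600, readable only by the CGI user.
my $conf_file = '/etc/backup-cgi/backup.conf';
my @required  = qw(su_user su_password mysql_defaults database backup_path);

# Parse key=value lines so no secret lives in the script source.
sub load_conf {
    my ($path) = @_;
    open my $fh, '<', $path or die "cannot open $path: $!\n";
    my %c;
    while (my $line = <$fh>) {
        my ($k, $v) = $line =~ /^\s*(\w+)\s*=\s*(.*?)\s*$/ or next;
        $c{$k} = $v;
    }
    close $fh;
    defined $c{$_} or die "missing config key $_\n" for @required;
    return \%c;
}

sub run_backup {
    my $c = load_conf($conf_file);
    # Values come from the admin-owned file, never from request parameters.
    # mysqldump takes its user and password from an option file (which must
    # be the first option), so neither appears on the command line.
    my $dump = "mysqldump --defaults-extra-file=$c->{mysql_defaults} "
             . "$c->{database} > $c->{backup_path}";
    my $exp = Expect->new;
    $exp->log_stdout(0);    # keep prompts and tool output out of the HTTP response
    $exp->spawn('su', '-s', '/bin/sh', $c->{su_user}, '-c', $dump) or die "cannot spawn su: $!\n";
    defined $exp->expect(10, 'Password:') or die "no password prompt from su\n";
    $exp->send("$c->{su_password}\n");
    $exp->expect(300);      # no pattern: returns at EOF or after 300 seconds
    $exp->soft_close();
    my $status = $exp->exitstatus();
    die "backup command failed\n" unless defined $status && $status == 0;
    return 1;
}

print "Content-type: text/plain\n\n";
if (eval { run_backup() }) {
    print "Backup completed.\n";
} else {
    warn "backup CGI: $@";  # detail goes to the server error log only
    print "Backup failed.\n";
}
```

With this layout a server misconfiguration that serves the script as plain text exposes no password, and a failure shows the visitor one generic line while the cause is written to the error log.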

Re: Expect CGI problems
by GrandFather (Saint) on Aug 29, 2011 at 22:25 UTC

    Umm, care to tell us what your "strange problem" is?

    True laziness is hard work
