Re: how to call system commands from cgi file?


good chemistry is complicated, and a little bit messy -LW
	PerlMonks

Re: how to call system commands from cgi file?

by jeffa (Bishop)

on Jun 26, 2015 at 19:35 UTC ( [id://1132217]=note: print w/replies, xml )

Need Help??

in reply to how to call system commands from cgi file?

Something else you should consider is that you are opening yourself for a potential attack by allowing the user to supply data that you will feed to system, etc. You really should consider using Safe to scrub the data for things like cat /etc/passwd or rm -rf /. Try running these these two pieces of code on your *nix environment:

# BAD!
perl -E'my $cmd = "@ARGV"; print `$cmd`' cat /etc/passwd
[download]

# BETTER!
perl -MSafe -E'my $c=Safe->new; my $cmd = $c->reval("@ARGV"); print `$
+cmd`' cat /etc/passwd
[download]

jeffa

L-LL-L--L-LL-L--L-LL-L--
-R--R-RR-R--R-RR-R--R-RR
B--B--B--B--B--B--B--B--
H---H---H---H---H---H---
(the triplet paradiddle with high-hat)

Comment on Re: how to call system commands from cgi file? Select or Download Code

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://1132217]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others making s'mores by the fire in the courtyard of the Monastery: (4)

As of 2024-04-24 18:29 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found