 
PerlMonks  

Re^2: Directory Structure.

by AppleFritter (Vicar)
on Apr 01, 2017 at 09:59 UTC


in reply to Re: Directory Structure.
in thread Directory Structure.

When doing this, keep in mind that using backticks (``) or the qx// quote-like operator, the command provided is passed through the shell (/bin/sh, whatever THAT really is) and subject to all the usual shell magic. This may be a problem if you're not expecting it, and a security issue if you're passing user input to the shell.

In order to avoid the shell, use system instead and pass a list:

    #!/usr/bin/perl
    # ...
    system ("mkdir", "-p", map { "$dir/$_" } @files);
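
An added example, not part of the original post, that runs the same mkdir through backticks and through list-form system so the difference is visible on disk. The sample names, the via_shell and via_list directories and the MARKER file are constructed for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Work in a throwaway directory so nothing outside it is touched.
my $base = tempdir(CLEANUP => 1);
chdir $base or die "chdir $base: $!";

# Constructed sample names, as they might arrive from a file listing or
# another external source: one with a space, one with a shell metacharacter.
my @files = ('reports', 'a b', 'x; touch MARKER');

# 1) Backticks / qx//: the interpolated string is handed to /bin/sh, which
#    splits on whitespace and treats ';' as a command separator.
my $dir    = 'via_shell';
my $cmd    = join ' ', 'mkdir', '-p', map { "$dir/$_" } @files;
my $output = `$cmd 2>&1`;
my $marker_after_shell = (-e 'MARKER') ? 1 : 0;

# 2) List-form system: each element becomes exactly one argv entry for
#    mkdir; no shell is started, so nothing is re-parsed.
$dir = 'via_list';
system('mkdir', '-p', map { "$dir/$_" } @files) == 0
    or die "mkdir failed: $?";

# Report what each approach actually created.
for my $d ('via_shell', 'via_list') {
    opendir my $dh, $d or die "opendir $d: $!";
    my @made = sort grep { !/\A\.\.?\z/ } readdir $dh;
    closedir $dh;
    print "$d: ", join(', ', map { "[$_]" } @made), "\n";
}
print "stray 'b' directory in cwd: ", (-d 'b' ? 'yes' : 'no'), "\n";
print "MARKER created by the shell: ", ($marker_after_shell ? 'yes' : 'no'), "\n";

# Leave the temporary directory before File::Temp removes it.
chdir '/' or die "chdir /: $!";
```

With the list form, the names containing a space or a semicolon end up as single directory names; with backticks the shell re-parses them into extra arguments and an extra command.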

Replies are listed 'Best First'.
Re^3: Directory Structure.
by shmem (Chancellor) on Apr 01, 2017 at 10:13 UTC
    if you're passing user input to the shell

    if you're passing data from untrusted sources unlaundered into the shell (see perlsec) is both more general and to the point. If I'm the user - whom I mostly trust - there's nothing wrong with my data. Except if there is, of course.

    </nitpick>

    perl -le'print map{pack c,($-++?1:13)+ord}split//,ESEL'

      If I'm the user - whom I mostly trust - there's nothing wrong with my data.

      DO you trust yourself?

      I trust myself to not try and actively exploit or sabotage my own systems. I do not trust myself to always get things right -- coding defensively and making things fail gracefully, avoiding unexpected and potentially dangerous behavior, is a good thing!

      Avoiding the shell (unless you have a good reason not to) is like useing strict. Yes, I trust myself, but I know I'm not perfect, so I'd rather have that extra safety net.

      (There's also the question of whether whoever is at the terminal, logged in as you, is ACTUALLY you, but in my case that's a lesser concern.)

        DO you trust yourself?

        Again, mostly. If I didn't, I couldn't be doing my job. Come on, if I don't trust myself, whom else could I trust?

        I do not trust myself to always get things right

        That's why I wrote Except if there is, of course.

        But that's not the point of my previous posting. It is not only user input, but unlaundered data from any source which cannot be trusted.

        perl -le'print map{pack c,($-++?1:13)+ord}split//,ESEL'
