Re: Perl calling Linux commands

by tmharish (Friar)
on Mar 08, 2013 at 11:06 UTC (#1022392)

in reply to Perl calling Linux commands

If you had printed the system command that you were running you would have figured this out.


Just to show what I meant, consider what happens when your code is modified like so:

    my $command = qq("svr_submit_RAST_job --user "$username" --passwd "$Password" --fasta "$fasta" --domain "$domain" --genetic_code "$Genetic_code");
    print "\n\n\nGoing to run the following through system:\n $command\n";

Output:

    Enter the Rast Username username
    Enter the Rast Password password
    Enter the fasta file Name filename
    Enter the Domain Name domainname
    Enter Genetic_Code geneticcode



    Going to run the following through system:
     "svr_submit_RAST_job --user "username
    " --passwd "password
    " --fasta "filename
    " --domain "domainname
    " --genetic_code "geneticcode
    "

And the newlines are there for you to see, as plain as daylight.

Re^2: Perl calling Linux commands
by tmharish (Friar) on Mar 08, 2013 at 13:50 UTC

    Additionally you need to look at tainted variables.

    It's a really bad idea to take user input and throw it to system (or a database) - what if the username input was:

    " || ls && 0 &&

    Of course you could replace ls with whatever exciting nefarious command you choose, but that's the idea ...
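
An added example, not part of the original thread: the handling both posts point toward, with chomp on the input, an allow-list check, and the list form of system() so that no shell parses the value. The sample inputs, the allowed character set and the use of perl itself as a stand-in for svr_submit_RAST_job are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

$| = 1;    # flush our output before each child process writes its own

# Constructed inputs, shaped like lines read from <STDIN> (newline included).
my @inputs = ("username\n", qq(" || ls && 0 &&\n));

# Allow-list check; the permitted character set is an assumption of this example.
# Capturing through a regex is also how a value is untainted under perl -T.
sub valid_username {
    my ($raw) = @_;
    chomp(my $value = $raw);    # remove the trailing newline seen in the thread
    return $value =~ /\A([A-Za-z0-9_.-]{1,64})\z/ ? $1 : undef;
}

# Stand-in child process: perl itself, echoing the arguments it receives.
my @echo_args = ($^X, '-e', 'print "  argv: [$_]\n" for @ARGV');

for my $raw (@inputs) {
    chomp(my $value = $raw);
    print "input: [$value]\n";

    # List form of system(): no shell parses the string, so quotes, || and &&
    # reach the child as ordinary characters inside one argument.
    system(@echo_args, '--user', $value) == 0
        or die "child failed: $?";

    # Validation still applies before handing the value to the real tool.
    my $user = valid_username($raw);
    print defined $user ? "  accepted: $user\n" : "  rejected by allow-list\n";
}
```

With the single-string form used in the thread, the same second input would be handed to /bin/sh for parsing; here it shows up as one literal argument and is then rejected by the allow-list.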
