Linux Users' Group of Davis (LUGOD)
Page last updated:
2001 Dec 30 17:14

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] quoting question in perl

On Sat, Dec 22, 2001 at 01:53:47AM -0800, Harry Souders wrote:
> system("rm -- $filename");

I did not explain this fully in my last post, but I strongly recommend always
passing system() a list of strings rather than a single string argument. If
there is one string arg (e.g., "rm foo"), perl emulates system(3), which
means that the string is interpreted by /bin/sh.  I imagine I do not need to
explain to this group why that is a bad idea when dealing with arbitrary
strings.

It is much better to use system('command', 'arg1', 'arg2', ... 'arg n'). In
this case, the program named by the first argument is called (via fork(2) and
execvp(3)) directly by perl, without a shell. The potential security problem
is thereby eliminated.

As Harry pointed out, rm(1) chokes on filenames that begin with a hyphen. All 
cases I can think of should be covered by system('/bin/rm', '--', $filename).

-- 
Henry House
The attached file is a digital signature. See <http://romana.hajhouse.org/pgp>
for information.  My OpenPGP key: <http://romana.hajhouse.org/hajhouse.asc>.

Attachment: pgp00009.pgp
Description: PGP signature
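
The difference described in this post, as an added example that is not part of the original message: the single-string call from the quoted line next to the list form, run against constructed filenames in a scratch directory. The filenames, the `INTERPRETED` marker file and the helper names `create_file` and `remove_file` are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Work in a scratch directory so relative names can start with a hyphen.
my $dir = tempdir(CLEANUP => 1);
chdir $dir or die "chdir $dir: $!";

# Constructed sample filenames, not taken from the thread.
my @names = ('-rf', 'two words', 'report; touch INTERPRETED');

sub create_file {
    my ($name) = @_;
    open my $fh, '>', $name or die "create '$name': $!";
    close $fh or die "close '$name': $!";
}

# List form recommended in the post: perl runs /bin/rm directly, so the
# filename reaches rm as one argument and is never parsed by /bin/sh.
sub remove_file {
    my ($filename) = @_;
    return system('/bin/rm', '--', $filename) == 0;
}

# Single-string form from the quoted line: /bin/sh parses the whole string,
# so rm sees only "report" and the text after ';' runs as a second command.
my $name = $names[2];
create_file($name);
system("rm -- $name");
printf "string form: file %s, shell ran the rest: %s\n",
    (-e $name ? 'still present' : 'removed'),
    (-e 'INTERPRETED' ? 'yes' : 'no');
unlink $name, 'INTERPRETED';

# The same names through the list form, including the leading-hyphen case.
for my $n (@names) {
    create_file($n);
    my $ok = remove_file($n);
    printf "list form: %-28s %s\n", "'$n'",
        ($ok && !-e $n ? 'removed' : 'NOT removed');
}
print "list form ran a second command: ",
    (-e 'INTERPRETED' ? 'yes' : 'no'), "\n";

chdir '/' or die "chdir /: $!";   # leave the scratch dir so cleanup can delete it
```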


