Re: Can System() of Perl be bypassed?

From: Brian Reichert (reichert@numachi.com)
Date: 01/28/03

    Date: Tue, 28 Jan 2003 17:58:24 -0500
    From: Brian Reichert <reichert@numachi.com>
    To: "NESTING, DAVID M (SBCSI)" <dn3723@sbc.com>
    
    

    On Tue, Jan 28, 2003 at 04:35:30PM -0600, NESTING, DAVID M (SBCSI) wrote:
    > > open2(\*READ, \*WRITE, '/bin/grep', $sanitized_arg,
    > > "/usr/dict/words") or die;
    >
    > Note also that in 5.8, if all you're interested in is STDOUT, Perl lets you
    > do this:
    >
    > open(FH, "-|", "/bin/grep", $sanitized_arg, "/usr/dict/words") or die ...;
    >
    > This is somewhat equivalent to doing the fork and exec in list form, which
    > would not invoke the shell to parse the command string.

    I wrote System2 to collect STDOUT and STDERR, in a manner that
    bypasses the shell as well. Output is returned in a scalar, not
    a FH, which is an important distinction.

      use System2;
      my ($out, $err) = system2("/bin/grep", $sanitized_arg, "/usr/dict/words");
      my ($exit_value, $signal_num, $dumped_core) = &System2::exit_status($?);

    See <http://search.cpan.org/author/REICHERT/System2-0.82/System2.pm>

    Same kinda approach, and behaves on older perl versions.

    -- 
    Brian 'you ***' Reichert		<reichert@numachi.com>
    37 Crystal Ave. #303			Daytime number: (603) 434-6842
    Derry NH 03038-1713 USA			BSD admin/developer at large	
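
Added example (not part of the original message and not System2's code): the list-form pipe open quoted above, run against constructed arguments that contain shell metacharacters or start with a dash. The word-list file, the `grep_words` helper and the sample arguments are assumptions for illustration; the `-F`, `-e` and `--` options are an addition so that grep itself does not read the argument as a regex or an option.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Path as used in the thread; adjust for systems where grep lives elsewhere.
my $GREP = '/bin/grep';

# Constructed word list standing in for /usr/dict/words.
my ($wfh, $words) = tempfile(UNLINK => 1);
print {$wfh} "apple\nbanana\n-v\n; echo INJECTED\n";
close $wfh or die "close: $!";

# Hypothetical helper: run grep without a shell and return its stdout lines.
sub grep_words {
    my ($pattern, $file) = @_;

    # List form: every element becomes exactly one argv entry, so /bin/sh
    # never parses the string. -F matches a fixed string, -e marks the next
    # argument as the pattern even if it begins with "-", and "--" ends
    # option parsing before the file name.
    open(my $fh, '-|', $GREP, '-F', '-e', $pattern, '--', $file)
        or die "cannot run $GREP: $!";
    chomp(my @lines = <$fh>);
    close $fh;    # sets $?; grep exits 1 when nothing matched

    my $status = $? >> 8;
    die "grep failed with status $status" if $status > 1;
    return @lines;
}

# Constructed inputs: metacharacters a shell would act on, and an
# option look-alike that grep would act on without -e.
for my $arg ('apple', '; echo INJECTED', '$(id)', '-v') {
    my @hits = grep_words($arg, $words);
    printf "%-18s => [%s]\n", "'$arg'", join(', ', @hits);
}
```

Each argument is matched only as literal text in the file. Bypassing the shell does not stop the called program from interpreting its own arguments, which is why the `-e` and `--` guards are there.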
    
