I apologize to the readers of the list. I was being inexcusably
sloppy by not checking the result codes. I was just trying to
illustrate the Perl feature of passing exec a list rather than a
string, and I allowed the temptation of being cute and idiomatic to
interfere with good code writing practices.
The result of the open() call should be checked as well as the
exec(). If either fails, the program should immediately exit.
Lincoln
Olaf Titz writes:
> > open (MAIL,"|-") || exec '/usr/lib/sendmail','-t','-oi';
>
> This gets "interesting" when fork fails. You then have the sendmail
> process connected directly to the client. Perhaps it is even possible
> to exploit this by simply overloading the server.
>
> Check for the success of the fork like this:
>
> $pid=open(MAIL, "|-");
> defined ($pid) || die "fork: $!";
> if (!$pid) { exec '/usr/lib/sendmail', '-t', '-oi' || exit 255; }
>
> or even:
>
> do { $pid=open(MAIL, "|-"); last if defined($pid); sleep 10; } while (1);
> if (!$pid) { exec '/usr/lib/sendmail', '-t', '-oi' || exit 255; }
>
> Olaf
--
========================================================================
Lincoln D. Stein Cold Spring Harbor Laboratory
lsteinat_private Cold Spring Harbor, NY
========================================================================
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:23:01 PDT