Can System() of Perl be bypassed?

From: Sandeep Giri (sandeepgiriat_private)
Date: Tue Jan 21 2003 - 23:03:27 PST

Next message: Robert B. Morson: "RE: PGP scripting (reprise)"

Previous message: Glynn Clements: "RE: PGP scripting..."
Next in thread: NESTING, DAVID M (SBCSI): "RE: Can System() of Perl be bypassed?"
Reply: NESTING, DAVID M (SBCSI): "RE: Can System() of Perl be bypassed?"
Reply: Brian Hatch: "Re: Can System() of Perl be bypassed?"
Reply: Ilya Martynov: "Re: Can System() of Perl be bypassed?"
Reply: Glynn Clements: "Re: Can System() of Perl be bypassed?"
Reply: Dana Epp: "Re: Can System() of Perl be bypassed?"
Reply: Tom Arseneault: "RE: Can System() of Perl be bypassed?"
Reply: FBO: "Re: Can System() of Perl be bypassed?"
Reply: Ian Charnas: "Re: Can System() of Perl be bypassed?"
Reply: Sandeep Giri: "Re: Can System() of Perl be bypassed?"
Reply: NESTING, DAVID M (SBCSI): "RE: Can System() of Perl be bypassed?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) Hi All, In my PERL code,I am using user's input as command line argument for the program being executed by System(). Can user run command of his choice by giving malicious input? Is PERL's -T (Taint mode) the solution for this? Thanks. Sandeep Giri

Next message: Robert B. Morson: "RE: PGP scripting (reprise)"
Previous message: Glynn Clements: "RE: PGP scripting..."
Next in thread: NESTING, DAVID M (SBCSI): "RE: Can System() of Perl be bypassed?"
Reply: NESTING, DAVID M (SBCSI): "RE: Can System() of Perl be bypassed?"
Reply: Brian Hatch: "Re: Can System() of Perl be bypassed?"
Reply: Ilya Martynov: "Re: Can System() of Perl be bypassed?"
Reply: Glynn Clements: "Re: Can System() of Perl be bypassed?"
Reply: Dana Epp: "Re: Can System() of Perl be bypassed?"
Reply: Tom Arseneault: "RE: Can System() of Perl be bypassed?"
Reply: FBO: "Re: Can System() of Perl be bypassed?"
Reply: Ian Charnas: "Re: Can System() of Perl be bypassed?"
Reply: Sandeep Giri: "Re: Can System() of Perl be bypassed?"
Reply: NESTING, DAVID M (SBCSI): "RE: Can System() of Perl be bypassed?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jan 22 2003 - 13:26:23 PST