Can System() of Perl be bypassed?

From: Sandeep Giri (sandeepgiriat_private)
Date: Tue Jan 21 2003 - 23:03:27 PST

  • Next message: Robert B. Morson: "RE: PGP scripting (reprise)"

    
     ('binary' encoding is not supported, stored as-is)
    Hi All,
    In my PERL code,I am using user's input as command line argument for the 
    program being executed by System().
    Can user run command of his choice by giving malicious input?
    Is PERL's -T (Taint mode) the solution for this?
    
    Thanks.
    
    Sandeep Giri
    



    This archive was generated by hypermail 2b30 : Wed Jan 22 2003 - 13:26:23 PST