Re: Can System() of Perl be bypassed?

From: Sandeep Giri (sandeepgiriat_private)
Date: Wed Jan 22 2003 - 23:08:15 PST

  • Next message: Valdis.Kletnieksat_private: "Re: Standards for developing secure software"

    
     ('binary' encoding is not supported, stored as-is)
    In-Reply-To: <87fzrku98r.fsfat_private>
    
    Hi!
    Thanks a lot to you and all who replied to my mesg.
    Taking chapter from replies,now I've changed my code to:
    
    #!/usr/bin/perl -T -W 
    my $key_words;
    my $help;
    GetOptions('kw=s'    => \$key_words,
    	     'help'    => \$help) || usage();
    my @args = ($Keywords,....);
    my @cmd = ("$JAVA",
    	     "-search.home=$SEARCH_HOME",
    	     "Searcher",
    	     @args);
    system(@cmd) == 0) ||error();
    
    Need I be more paranoid than this and use my own regex to filter out 
    keywords my self?
    
    Thanks a lot.
    
    Sandeep Giri
    



    This archive was generated by hypermail 2b30 : Thu Jan 23 2003 - 14:06:24 PST