RE: Can System() of Perl be bypassed?

From: NESTING, DAVID M (SBCSI) (dn3723at_private)
Date: Tue Jan 28 2003 - 14:35:30 PST

  • Next message: Crispin Cowan: "Re: safe strcpy()?"

    -----Original Message-----
    From: Brian Hatch [mailto:secprogat_private]
    Sent: Thursday, 23 January, 2003 12:44
    To: Ian Charnas
    Cc: Sandeep Giri; secprogat_private
    Subject: Re: Can System() of Perl be bypassed?
    
    >	open2(\*READ, \*WRITE, '/bin/grep', $sanitized_arg,
    >		"/usr/dict/words") or die;
    
    Note also that in 5.8, if all you're interested in is STDOUT, Perl lets you
    do this:
    
    open(FH, "-|", "/bin/grep", $sanitized_arg, "/usr/dict/words") or die ...;
    
    This is somewhat equivalent to doing the fork and exec in list form, which
    would not invoke the shell to parse the command string.
    
    More goodies: http://www.perldoc.com/perl5.8.0/pod/func/open.html
    
    David
    



    This archive was generated by hypermail 2b30 : Tue Jan 28 2003 - 14:45:56 PST