LPM: hlp with h2ph :) sorry

Frank Price fprice at mis.net
Sun Apr 2 12:55:24 CDT 2000


On Sat, Apr 01, 2000 at 09:21:00PM -0500, Rich Bowen wrote:
> Matt Cashner wrote:
> ...
> > or you can use perl to do the same sorts of things without calling stuff
> > from the shell :)
> 
> A good point. It's almost never necessary, and almost always
> undesirable, to call a function from the shell. There is usually a way
> to do this from within Perl, and that way is almost always faster and
> more secure. Passing stuff to the shell is a good way to have someone
> pass a little bit of rm -rf through our script and to the shell.

It's often emphasized that when you do use system() to call the shell,
do it in list context rather than string.  That way the shell doesn't
get involved for globbing, IFS substitution, etc.  A bit more secure.

Example:
	# Each list element is passed to the program as its own argument.
	my @run = ('ls', '-li', '/usr/bin/');
	my $rc = system(@run);
	die "Couldn't do @run\n" if ($rc != 0);

-Frank.
-- 
Frank Price                                fprice at mis.net
        -- E Pluribus Unix | Why not go mad? --
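
An added example, not part of the original post: the same ls call in string form and in list form, run against a constructed "filename" that carries shell metacharacters, with the return status decoded from $?. The names $marker and status() and the file names are made up for this illustration; it assumes a Unix-like system with ls and touch on PATH.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Constructed input: a "filename" carrying shell metacharacters, standing in
# for any value that arrives from outside the script.
my $dir    = tempdir(CLEANUP => 1);
my $marker = "$dir/marker";                      # hypothetical side-effect file
my $name   = "$dir/report.txt; touch $marker";

# Decode $? as documented in perldoc -f system (hypothetical helper).
sub status {
    return "failed to execute: $!"                  if $? == -1;
    return sprintf('killed by signal %d', $? & 127) if $? & 127;
    return sprintf('exit code %d', $? >> 8);
}

# String form: a single string containing metacharacters is handed to
# /bin/sh -c, so the text after ';' runs as a second command.
system("ls -li $name 2>/dev/null");
printf "string form: %s, marker %s\n", status(),
    -e $marker ? 'created' : 'absent';
unlink $marker;

# List form: each element becomes one argv entry and no shell is started,
# so all of $name is treated as a single (nonexistent) path.
# '--' ends option parsing so a value starting with '-' is not read as a flag.
system('ls', '-li', '--', $name);
printf "list form:   %s, marker %s\n", status(),
    -e $marker ? 'created' : 'absent';
```

In the string form the marker file appears because the shell ran the text after the semicolon; in the list form ls reports a missing file and nothing else runs.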


