SPUG: exec question

Tim Maher tim at consultix-inc.com
Fri Feb 11 10:54:43 PST 2005

On Fri, Feb 11, 2005 at 10:10:15AM -0800, Ben Reser wrote:
> Anyway, from a security standpoint, don't ever do stuff like
> what Tim showed you above. If you're passing arguments, then
> you have to worry about those arguments having shell meta
> characters in them...
> Ben Reser <ben at reser.org>


Regarding the difference in interpretation between the single-argument
vs. multi-argument version of system, in the example I showed,
metacharacter interpretation was /desired/, which is precisely why
I showed the single-argument version.

The metacharacters that needed interpretation included the ">"
for output redirection, which I thought the original poster might
need, and the "&" for background execution, which he definitely
needs if he wants his script not to wait for the shell command to
exit before continuing (unless he wants to do the fork/exec himself).

Your statement "don't ever do stuff like what Tim showed you" is
really uncalled for, and may discourage people from using
features that can benefit them!

There's no need to be afraid of the shell if you take appropriate
precautions, which comes down to quoting funny characters that you
want taken literally.

See http://www.TeachMeUnix.com/quoting.html for a detailed
discussion of the proper use of shell quoting techniques.

| Tim Maher, PhD     (206) 781-UNIX      (866) DOC-PERL     (866) DOC-UNIX |
| tim(AT)Consultix-Inc.Com  http://TeachMePerl.Com  http://TeachMeUnix.Com |
|      Watch for my upcoming book: "Minimal Perl for UNIX/Linux People"    |

More information about the spug-list mailing list