command line from web

Adam Clarke Adam.Clarke at
Sat Nov 16 21:21:05 CST 2002

First, since you may be on a learning curve a couple of hints based on 
the fact that running system commands can get you into strife security wise.

1. Run your script with warnings on and in taint mode (#!perl -wT)

2. Have a look at the following &

Now as for what's going wrong.

1. When you say produces nothing do you mean that the file "hello" does 
not get created or that no output is created. I ask because you are 
using backticks and therefore running the system command "touch" with 
"hello" as it's argument. When I run
    perl -e 'print `touch hello`';
I don't get any visible output to STDOUT either, I do however got an 
empty file called "hello" created. Maybe your script is working. You 
remember that the current working directory of the web server (when it 
runs your script) is where "hello" would get created. If your executing 
from /cgi-bin/ then that's where the simple example you gave is going to 
put it.

2. If the you've thought of the above and/or that's not it then check 
your webserver logs. Maybe there is a clue there.

Adam Clarke   **

Michael Lindner wrote:

>why is it that:: print `touch hello`;
>produce nothing when run in a browser initiated script?
>is this a security feature, or what am i doing wrong :-)
>(running on linux rh7.2)

More information about the Melbourne-pm mailing list