ActiveState and spawning commands
eugene at securityarchitects.com
Tue May 30 12:35:44 CDT 2000
On Tue, May 30, 2000 at 09:37:26AM -0700, Russ Schnapp wrote:
> > > I assumed that if backtick and opening a pipe fail, system will
> > > undoubtedly fail, too. Yup -- I just tried it.
> > you assumed wrong.
> Interesting. So, you have encountered situations under which
> backtick or pipe fails, yet "system" works? Can you characterize
> that situation? It hasn't happened to me yet...
Is there a difference between 'exec "echo $arg"' and 'exec "echo", $arg' ?
by looking at the above two statements you are probably going to say no... i mean they look almost identical, right? but there is a difference! the latter one doesn't use the shell for executing the command and is thus considered to be secure (see perlsec for more details). My point is that there are subtle differences that you might think don't make much difference but they do. the system call that i showed didn't use the shell which i thought might make a differnce (a blind guess i must confess).
quoting the perlop manpage:
A string which is (possibly) interpolated and then executed as a system command with /bin/sh or its equivalent
so there was a difference after all...
p.s. all of the above applies to UNIX, i don't know if it's valid in a windows world)
The posting address is: san-diego-pm-list at hfb.pm.org
List requests should be sent to: majordomo at hfb.pm.org
If you ever want to remove yourself from this mailing list,
you can send mail to <majordomo at happyfunball.pm.org> with the following
command in the body of your email message:
If you ever need to get in contact with the owner of the list,
(if you have trouble unsubscribing, or have questions about the
list itself) send email to <owner-san-diego-pm-list at happyfunball.pm.org> .
This is the general rule for most mailing lists when you need
to contact a human.
More information about the San-Diego-pm