Beefy Boxes and Bandwidth Generously Provided by pair Networks
laziness, impatience, and hubris
 
PerlMonks  

Re: Dangerous Characters for system calls

by graff (Chancellor)
on Oct 15, 2013 at 23:53 UTC ( [id://1058372]=note: print w/replies, xml ) Need Help??


in reply to Dangerous Characters for system calls

Following up on the 2nd reply (++ on that one), I think it's hard to imagine a situation where the content from an email form "has to be passed through various Linux system calls." Maybe you think it has to, but I suspect you're wrong.

Whatever Linux processes you're talking about, there are bound to be ways to do what you intend to do without exposing untrusted text to a shell command line.

As for what the "risky" characters are, it's likely that all ASCII characters that match [^^/%@+\w-] are able to invoke "non-literal meanings" in a bash command line. Some (like ~ or #) might only do this if they occur in certain positions.

As for any non-ASCII characters that might happen to show up from a web form, well, who knows... I'd rather not have to experiment with that.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://1058372]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others romping around the Monastery: (4)
As of 2024-03-28 14:38 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found