Re^2: Update config file parameters

here's an option using Data::Dumper and require

Please DON'T use this "solution"!

This opens a HUGE vulnerability, simply because require $filename;, use $filename;, do $filename;, and eval $filecontent; all treat the configuration file as executable code.

Or just imagine someone successfully executing echo 'system "/bin/rm -rf /";' >> monkConfig.txt before root executes perl -le 'require "monkConfig.txt";'.

Also, use and require load each file only once, unless you start messing with %INC.

Alexander

--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)

Comment on Re^2: Update config file parameters Select or Download Code

Replies are listed 'Best First'.
Re^3: Update config file parameters by dbuckhal (Chaplain) on Jan 08, 2016 at 05:09 UTC
Wow, I did not know `require` would execute the content of the file. Very good to know. I am glad you found my post and corrected it. Thanks!	[reply] [d/l]
Re^4: Update config file parameters by afoken (Chancellor) on Jan 08, 2016 at 20:14 UTC
I did not know require would execute the content of the file. Think about it: How else could require and use (which is just `require` wrapped in a `BEGIN` block, and optionally a call to an `import` method) load and initialise a perl module? How would module `Foo` load a module `Bar` that it depends on, if not by executing `use` or `requrie` in `Foo` when the main program `require`s or `use`s `Foo`? Alexander -- Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)	[reply] [d/l] [select]
Re^5: Update config file parameters by dbuckhal (Chaplain) on Jan 09, 2016 at 00:15 UTC
I did "think about it" after your post, and already peeked at the docs... Thanks, again.	[reply]


Pathologically Eclectic Rubbish Lister
	PerlMonks