PerlMonks
Re: Reaping Zombies (dont wanna wait)

by DrManhattan (Chaplain)
on Jun 09, 2003 at 18:03 UTC ( [id://264413] )


in reply to Reaping Zombies (dont wanna wait)

This looks fishy:
my $exec = "/usr/local/bin/monster -i$id $filePath$file &";
qx/$exec/;

Calling exec in scalar context like this, you're feeding what appears to be user input to /bin/sh. If an external user controls the value of $id, $filePath, or $file, you'll get owned because the shell interprets metacharacters. E.g. if $id is set to `rm -rf /`, sh will execute it.

Also, I'm not sure if this is related, but there's no need for the '&' at the end of the command. You've already forked a child, so you shouldn't need to fork again. Try this:

exec("/usr/local/bin/monster", "-i", $id, "$filePath$file");
Calling exec() in array context executes the program directly rather than feeding it to the system shell, so metacharacters won't be a problem.

-Matt

Re: Re: Reaping Zombies (dont wanna wait)
by halley (Prior) on Jun 09, 2003 at 18:13 UTC

    DrManhattan, I agree with the sentiments in your post. I'm just providing some careful feedback on the jargon.

    "Calling exec in scalar context like this," is wrong for two reasons. One, the poster is not calling exec(), the poster is using the qx// operator which is identical to the backtick operator. Two, the calling context refers to how the results are to be collected, not what arguments or operands are given, so this calling context is void.

    As an aside, there's no reason to use backticks in void context; use system() or exec() instead. Backticks collect the output of a subprocess, and if you're in void context, you're collecting all that junk for nothing.

    "Calling exec() in array context..." is also wrong for the definition of context. Phrasing it as "Calling exec() with a list..." is more proper. The documentation refers to this as the exec LIST form of the function, as opposed to the exec EXPR form.

    Hope this helps clarify an otherwise good point on taint-validation and its security risk when not considered.

    --
    [ e d @ h a l l e y . c c ]
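The difference both posts turn on, as an added example rather than code from the thread: the same three values are run through the poster's qx// shape and through the LIST form of system()/exec(). It assumes perl itself can stand in for /usr/local/bin/monster, and the $id value is constructed to carry a shell metacharacter.

```perl
#!/usr/bin/perl
# Added example, not code from the thread: contrasts a command string handed
# to /bin/sh (qx//, the poster's shape) with the LIST form of system()/exec(),
# which never starts a shell. perl itself stands in for /usr/local/bin/monster,
# and the three input values are constructed to contain a shell metacharacter.
use strict;
use warnings;

# Constructed "user" input: the ';' lets /bin/sh begin a second command.
my $id       = '42; echo INJECTED-BY-SHELL';
my $filePath = '/tmp/';
my $file     = 'data.txt';

# Stand-in for monster: prints every argv entry it receives on its own line.
# The '--' stops perl from reading "-i42" as its own in-place-edit switch.
my @monster = ($^X, '-e', 'print "arg: $_\n" for @ARGV', '--');

# 1. One string, interpreted by sh: whitespace is split and ';' is honoured,
#    so the embedded echo runs as a separate command.
my $cmd = "$^X -e '$monster[2]' -- -i$id $filePath$file";
print "--- qx// (via /bin/sh) ---\n";
print qx/$cmd/;

# 2. LIST form: each element is exactly one argv entry, no shell in between,
#    so the program receives "-i42; echo INJECTED-BY-SHELL" as a single literal.
print "--- system LIST (no shell) ---\n";
system(@monster, "-i$id", "$filePath$file") == 0
    or die "child failed: $?";

# 3. The fork-then-run pattern from the thread, done with exec LIST in the
#    child: the child image is replaced (no '&', no second fork) and the
#    parent reaps it with waitpid so no zombie is left behind.
print "--- fork + exec LIST ---\n";
my $pid = fork();
die "fork failed: $!" unless defined $pid;
if ($pid == 0) {
    exec(@monster, "-i$id", "$filePath$file") or die "exec failed: $!";
}
waitpid($pid, 0);
```

Whether monster wants "-i$id" as one argument or "-i" and $id as two depends on its own option parsing; both are safe in the LIST form because neither passes through a shell.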
