http://qs1969.pair.com?node_id=48855

wombat has asked for the wisdom of the Perl Monks concerning the following question:

Hi fellows.

I humbly kneel before the group and offer my boggle which has vexed me since 3:30 this morning (my body's uptime now is 23 hours 45 mins). I have a script in my cgi-bin directory which at some point attempts to call another script (with arguments) which is in a directory below cgi-bin. When I call system(), it returns $? as 9728 and $?>>8 as 38. I cannot find what these error codes mean despite my looking. I read that if arguments are involved it's better to do:  @arr=($command,$arg1) system(@arr);as opposed to $cmd = "command argument...: system($cmd). Doing that produced exactly the same result. When I run this manually with my personal shell account it works just fine, but when I run it from the web as uid apache, it does not. Apache has write access to the subdirectory in cgi-bin, and other things in the cgi-bin directory execute okay from the web. Any ideas?

~W

Replies are listed 'Best First'.
Re: Find the permission problem
by swiftone (Curate) on Dec 30, 2000 at 00:13 UTC
    Well, I don't have any insight into your problem, but I thought I'd expand on WHY  system( command, @args) is considered better.

    Let's say you were going to run an ls command and use the results, and the user can pass switches through. (ls is an impractical example, but good for demonstrating) You could have:

    # $options is whatever the user entered. system ("ls $options");
    And if the user entered "--sort=size" that would pass through just fine. But what if the user entered "; rm -rf /*" ? Oops.

    The list syntax to system() prevents this sort of abuse, and that's why it's "better", not from a "getting it to work" standpoint, but from a security viewpoint.

Re: Find the permission problem
by I0 (Priest) on Dec 30, 2000 at 00:15 UTC
    Can you post the permissions and code of /dirstruct/dirstruct2/cgi-bin/subdir/pr?
(zdog) Re: Find the permission problem
by zdog (Priest) on Dec 29, 2000 at 22:48 UTC
    Try doing @arr=($command,$arg1); system("@arr");. Without the quotes it returns a value of 2 in your case.

    Zenon Zabinski | zdog | Zenon.Zabinski03@students.bcp.org

      Wrong. system() can take a single string or a list of strings (and an optional direct object). If a list of more that one string is given, then Perl won't call a shell to interpret the command-line string (that you didn't give it). If just one string, then Perl will call a shell if the string isn't simple enough (that is, if the string doesn't have any shell meta characters, it will just split it on whitespace and use fork()/exec() just as if you had given it more than one value).

      Of course, platforms that don't have fork() don't quite obey this rule.

              - tye (but my friends call me "Tye")
        tye, perlfunc system() doesn't talk about taking an optional direct object nor am I finding it in any of my books. Where would I go to find more information on this topic?

        coreolyn

      Tried it just now, no effect. $?==9728 $?>>8==38

      tye Giving it a straight string System("/dirstruct/dirstruct2/cgi-bin/subdir/progname static_argument_value"); produced the same effect.

      i0cgi-bin's permissions are "root html rwxrwxr-x" cgi-bin/subdir's are "wombat apache rwxrwxr-x" the program I'm trying to run is "wombat wombat rwxr--r-x" and the target app is "wombat apache rwx--x--x"
        rwx--x--x is a bad set of permissions for a Perl script (assuming that's what it is). Scripts need to be read and interpreted by an interpreter, which means the script needs to be readable to the interpreter. If your script is owned by yourself, but merely executable by the user running the interpreter (apache?), it won't be able to read the script and will fail.

        Try setting the permissions to something more sane, like 755, and see if that helps.

        In addition, if you're frequently executing one Perl script from within others, you may be interested in breaking that Perl script out into a module, and simply 'use' that module from your other Perl scripts that need to get at that common code.

        If you need the variables: you can always do: system("$command $arg");

        or

        my $cmd = "$command $arg"; system($cmd);

        Zenon Zabinski | zdog | Zenon.Zabinski03@students.bcp.org