Re: Re: CGI Script Calling Grep

derby,
The page loads, but it doesn't have the output of grep. Everything before and after where the grep command should be IS there. '.' does in fact seem to be referring to the correct directory. I was able to successfully grep another script in the same directory by altering my exec command. Is it still necessary to untaint the user string when passing the parameters to exec as a list, avoiding the shell?

Comment on Re: Re: CGI Script Calling Grep

Replies are listed 'Best First'.
Re: Re: Re: CGI Script Calling Grep by kjherron (Pilgrim) on Sep 27, 2001 at 07:16 UTC
Try this theory on for size: You're running this on an OS like Solaris, where the standard version of grep doesn't provide a -r option. Your system administrator has installed GNU grep (which does have this option) in /usr/local/bin or some such place. When you run the script yourself, your PATH contains /usr/local/bin so the script uses GNU grep. When the web server runs your script, it gets a different path and ends up running /usr/bin/grep. This version just complains and exits, but you don't see the error message.	[reply]

Replies are listed 'Best First'.

Re: Re: Re: CGI Script Calling Grep
by kjherron (Pilgrim) on Sep 27, 2001 at 07:16 UTC

You're running this on an OS like Solaris, where the standard version of grep doesn't provide a -r option. Your system administrator has installed GNU grep (which does have this option) in /usr/local/bin or some such place.

When you run the script yourself, your PATH contains /usr/local/bin so the script uses GNU grep. When the web server runs your script, it gets a different path and ends up running /usr/bin/grep. This version just complains and exits, but you don't see the error message.

[reply]