in reply to chdir and security

...But when you need to chdir and read data in one directory and pipe it to another process, that should chdir, read your data and write it back down to the disk, what would you do to stay on the safe side?

This caveat should make you leery of what follows: I'm not a security expert. I can't evaluate whether or where race conditions lie within the code below. What follows is simply how I would try to approach your chdir, tar in, chdir, tar out problem.

I'd break it up into those 4 steps and test each one:

#!/usr/bin/perl

use strict;
use warnings;

my $from_dir = '/tmp/from';
my $to_dir = '/tmp/to';


# chdir and set up reader
chdir $from_dir or
    die "chdir $from_dir: $!\n";
open my $from_pipe, 'tar cvf - . |' or
    die "can't fork input tarpipe: $!\n";


# chdir and set up writer
chdir $to_dir or
    die "chdir $to_dir: $!\n";
open my $to_pipe, '| /bin/tar xvf -' or
    die "can't fork output tarpipe: $!\n";

while ( <$from_pipe> ) {
    print $to_pipe $_
}

close $from_pipe;
close $to_pipe;

exit 0;

[download]

I've tested the above sample; if you populate /tmp/from with some files, they'll be transferred over to /tmp/to as you'd expect.

But... the description for open, and the existence of perlopentut and the "Safe pipe opens" section in perlipc all make me think that there's got to be problems with this code. If you haven't done so already, take a look through those man pages to see several safer and saner ways of doing the above.

blyman
setenv EXINIT 'set noai ts=2'

In Section Seekers of Perl Wisdom