in reply to Parallel processing, sort of

Safety warning: You're passing $fullfile through the shell, potentially doing all sorts of bad things.

eval 'my ($pid) = fork; if ($pid == 0) { exec "display -title %d/%f $fullfile" }';

Consider $fullfile='; rm -rf /', or 'realfilename > ~/irreplacable.file', or even '</dev/urandom'.

Unless your input data file is implicitly trusted, you should be carefully filtering it. Even if it is, you should be using the array form of exec -- exec(qw(display -title %d/%f), $fullfile).

Even then, consider what arguments display takes -- you should probably filter for filenames starting with a dash, or use a -- end-of-arguments marker, if display supports it.

Oh, and there's no reason to use stringy eval here; BLOCK eval will work just as well, and is much more efficient. (Stringy eval will recompile the argument every time.)


Warning: Unless otherwise stated, code is untested. Do not use without understanding. Code is posted in the hopes it is useful, but without warranty. All copyrights are relinquished into the public domain unless otherwise stated. I am not an angel. I am capable of error, and err on a fairly regular basis. If I made a mistake, please let me know (such as by responing to this node).
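
An added example, not code from this thread: the fork-and-exec from the post rewritten with list-form exec, a guard for names starting with a dash, and BLOCK eval. A child perl ($^X) stands in for display so it runs without ImageMagick; safe_filename and spawn_viewer are hypothetical names, and the inputs are constructed from the strings quoted in the post.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX ();

$| = 1;    # keep parent and child output in order

# Assumption: stand-in for "display". The child perl prints each argument it
# received, so nothing here opens or modifies the named files.
my @viewer = ($^X, '-e', 'print "  argv[$_] = <$ARGV[$_]>\n" for 0 .. $#ARGV', '--');

# Refuse unusable names and neutralise ones the viewer could read as options.
sub safe_filename {
    my ($name) = @_;
    die "empty filename\n"       unless defined $name && length $name;
    die "NUL byte in filename\n" if $name =~ /\0/;
    # "./-x" names the same file as "-x" but can no longer parse as an option.
    $name = "./$name" if $name =~ /^-/;
    return $name;
}

# Fork, then exec in list form: no shell ever parses $fullfile, so ';', '>'
# and '<' reach the program as ordinary characters of one argument.
sub spawn_viewer {
    my ($fullfile) = @_;
    my $arg = safe_filename($fullfile);    # validate before forking
    my $pid = fork;
    die "fork failed: $!\n" unless defined $pid;
    if ($pid == 0) {
        exec { $viewer[0] } @viewer, '-title', '%d/%f', $arg;
        warn "exec failed: $!\n";          # reached only if exec fails
        POSIX::_exit(127);
    }
    return $pid;
}

# Constructed inputs: the hostile strings from the post, a dash-leading name,
# and an empty name.
for my $fullfile ('; rm -rf /', 'realfilename > ~/irreplacable.file',
                  '</dev/urandom', '-dashed.png', '') {
    my $pid = eval { spawn_viewer($fullfile) };    # BLOCK eval, compiled once
    if (!defined $pid) { print "rejected <$fullfile>: $@"; next }
    waitpid $pid, 0;
    print "child for <$fullfile> exited with status ", $? >> 8, "\n";
}
```

Each hostile string shows up in the child as a single argv element, which is the difference from the one-string exec in the original code.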

Re: Re: Parallel processing, sort of
by Preceptor (Deacon) on Sep 13, 2002 at 07:48 UTC
    Well, you want a response on err....
    How about pointing out that it's "responding" not "responing". ;)
    --
    It's not pessimism if there is a worse option, it's not paranoia when they are and it's not cynicism when you're right.