in reply to Re: system, pipes, shell, quoting
in thread system, pipes, shell, quoting

I just thought of this, so correct me if I'm doing something naive.

If you have to get the values of $program1 and $program2 from an outside source, you can put allowed values in a hash like this:

my %allowed;
$allowed{'ls'} = '/bin/ls';
$allowed{'grep'} = '/bin/grep';
$allowed{'gzip'} = '/bin/gzip';
. . .

[download]

When it comes time to execute the program:

my $good_prog = $allowed{$program1};
system($good_prog) if($good_prog != undef);

[download]

This won't help you with arguments, of course. Also, you'll be limiting the actual programs that can be run (which is probably a good thing). If you want to allow everything in /bin and /usr/bin, try this (untested):

use File::Find;
my %allowed;
find(\&add, '/bin', '/usr/bin');

sub add 
{
     $allowed{$_} = $File::Find::name;
}

[download]

In Section Seekers of Perl Wisdom