Re: backtick question

Depending on how you do the system call and the backtick call, there may be subtle differences in how perl and/or the sub-shell are interpolating things that look like variables (or are not interpolating things that you believe should be treated as variables). It would be helpful if you could post the actual system and backtick lines from your code, along with any relevant snippets that assign values to any variables involved.

Comment on Re: backtick question

Replies are listed 'Best First'.
Re: Re: backtick question by DrManhattan (Chaplain) on Jan 22, 2003 at 22:52 UTC
Specifically, when you use backticks or call system() with a scalar argument, the argument is passed to the system shell (typically /bin/sh). If you call system() with an array argument, the args are executed directly. This has important security implications because the system shell will interpolate metacharacters. See 37385 for a more detailed explaination. Try this and see if it works: `if (open(PROGRAM, "-\|")) { # Parent process. Read output from child. my @output = <PROGRAM>; } else { # Child process. exec() program exec("/path/to/program", $arg1, $arg2, $etc); }` [download] -Matt	[reply] [d/l]

Replies are listed 'Best First'.

Re: Re: backtick question
by DrManhattan (Chaplain) on Jan 22, 2003 at 22:52 UTC

Specifically, when you use backticks or call system() with a scalar argument, the argument is passed to the system shell (typically /bin/sh). If you call system() with an array argument, the args are executed directly.

This has important security implications because the system shell will interpolate metacharacters. See 37385 for a more detailed explaination.

Try this and see if it works:

        if (open(PROGRAM, "-|"))
        {
                # Parent process.  Read output from child.
                my @output = <PROGRAM>;
        }
        else
        {
                # Child process.  exec() program
                exec("/path/to/program", $arg1, $arg2, $etc);
        }
[download]

-Matt

[reply]
[d/l]