Re: HTTP/CGI Backup interface w/Perl

#!/usr/bin/perl 
$|++;

my @files = qw( /home/sauoq );
print "Content-type: application/x-tar\n\n";
system( "tar cvf - @files" );
[download]

-sauoq
"My two cents aren't worth a dime.";

Comment on Re: HTTP/CGI Backup interface w/Perl Download Code

Replies are listed 'Best First'.
Re: Re: HTTP/CGI Backup interface w/Perl by dash2 (Hermit) on Jun 10, 2003 at 00:21 UTC
Yup. Don't do anything silly like `system("tar cvf - $my_user_input_from_a_form");`, unless you want to hand out tar files of your server's passwords, though. andramoiennepemousapolutropon	[reply] [d/l]
Re: Re: Re: HTTP/CGI Backup interface w/Perl by sauoq (Abbot) on Jun 10, 2003 at 00:36 UTC
This is very good advice and I was remiss in not noting such myself. That said, you should also know that, if you did so, you might risk a whole lot worse than the loss of your password file. It would permit a user to run any arbitrary command on your system with privileges the same as those that the cgi script runs with. Know the risks, understand the issues, and use the `-T` option to help you catch dangerous code. -sauoq "My two cents aren't worth a dime.";	[reply]