This caveat should make you leery of what follows: I'm not a security expert. I can't evaluate whether or where race conditions lie within the code below. What follows is simply how I would try to approach your chdir, tar in, chdir, tar out problem.
I'd break it up into those 4 steps and test each one:
#!/usr/bin/perl use strict; use warnings; my $from_dir = '/tmp/from'; my $to_dir = '/tmp/to'; # chdir and set up reader chdir $from_dir or die "chdir $from_dir: $!\n"; open my $from_pipe, 'tar cvf - . |' or die "can't fork input tarpipe: $!\n"; # chdir and set up writer chdir $to_dir or die "chdir $to_dir: $!\n"; open my $to_pipe, '| /bin/tar xvf -' or die "can't fork output tarpipe: $!\n"; while ( <$from_pipe> ) { print $to_pipe $_ } close $from_pipe; close $to_pipe; exit 0;
I've tested the above sample; if you populate /tmp/from with some files, they'll be transferred over to /tmp/to as you'd expect.
But... the description for open, and the existence of perlopentut and the "Safe pipe opens" section in perlipc all make me think that there's got to be problems with this code. If you haven't done so already, take a look through those man pages to see several safer and saner ways of doing the above.
blyman
setenv EXINIT 'set noai ts=2'
In reply to Re: chdir and security
by belden
in thread chdir and security
by bronto
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |