Your use of the list form of system is good, that avoids having the shell interpolate (there's that word again) the argument string. I'm not sure you want the asterisk at the end, as it may remove all of the files in the current working directory, which is hardly what you want. I'd also recommend you look into File::Path instead, specifically the rmtree() function.

In general, I trust built-in functions more than system calls.

Update: Upon quick testing with bash, rm -rf -i dirname/ * does just as I suspected -- removing dirname/ recursively AND all of the files in the current directory. It's up to you.

I agree with you trusting built-in functions more than system calls. I was trying to stay away from modules, and understand how to best use system calls without compromising security.

On a side note, I find it interesting that perl has built in functions to chdir, rmdir, mkdir, rename, and symlink but does not have functions to move, copy, or erase files.

So it seems the best solution would be to use a module that properly handles removing files or directories such as your suggestion of File::Path. However, if not using modules the next best would be to use system to rm the directory and files and then recreate the directory such as this code.




Thanks!
zzspectrez

You move files with link()/unlink() or [unless you have a really old version of Perl] rename(). You delete files with unlink(). None of them work across file systems. The first two have been a basic part of Unix for a long time and rename() is a recent addition. Same for Perl [because Perl is based on Unix].

Unix and C don't have a standard subroutine for copying files and so Perl doesn't either [nor for moving a file across file systems which is just a copy and delete]. There are modules for this.

        - tye (but my friends call me "Tye")

Yes the script does run as root. These are the kind of situations Im woried about. Thank you for these pointers. Then should I rewrite the code as follows? :

if (-e $tmp_dir) {
    if (-l $tmp_dir) { 
       die "Temporary folder $tmp_dir is a symbolic link!\n"
    }else{
       system ("rm","-rf",$tmp_dir);
       mkdir ($tmp_dir) or 
          die "Unable to make temp folder: $tmpdir: $!\n";
    } 
}else{
    mkdir ($tmp_dir) or 
        die "Unable to make temporary folder $tmp_dir: $!\n";
}
[download]

Thanks!
zzspectrez

Let me direct you to (and I'm by far not trying to pat myself on the back here, but I searched long and hard to come up with what I have, so consider it a smorgesboard (sp?) of my experiences with these same questions) cksec, in particular check out the verifyfile() sub (must carefully read all of the sub) which makes sure a file is what it should be. Also, check out the updatedb() sub, which actually writes to a file and so ensures that it is what it should be.

I wish I could remember where I found this info, in order to give credit to the author, unfortunately I cannot...wait...ah yes, it's from the book Perl for Systems Administrators, which while having too much Windows stuff for my taste, has some great info.

Hope I've helped, enjoy!

    system("rm -rf $tmp_dir/*");
[download]

    use File::Spec;
    system("rm -rf " . File::Spec->catfile($tmpdir, "*"));
[download]

    use File::Path;
    my $tmp_dir = "/tmp/blahblah-11-14-2000";
    rmtree($tmp_dir);    # no error check; doesn't matter if it doesn'
+t exist
    mkdir($tmp_dir) or die "Unable to make temporary folder $tmp_dir: 
+$!\n";
[download]

which I can only imagine in the unusual case where you can't create a new directory in /tmp.

Or if ownership and/or permissions were set up by a more privileged user.

   system("rm","-f","$tmp_dir","*")
[download]

I suspect that what you should have done was simply

    system("rm", "-rf", $tmp_dir);
[download]

AgentM Systems nor Nasca Enterprises nor Bone::Easy nor Macperl is responsible for the comments made by AgentM. Remember, you can build any logical system with NOR.