RE: Is this system call hazardous for my computers health??

Three things stick out in my mind. First, there's no need to use double-quoted interpolation of $tmp_dir. Just say (-e $tmp_dir) and it will work correctly. It seems like half of the attacks against programs have to do with variable interpolation, so avoid it when you can.

Your use of the list form of system is good, that avoids having the shell interpolate (there's that word again) the argument string. I'm not sure you want the asterisk at the end, as it may remove all of the files in the current working directory, which is hardly what you want. I'd also recommend you look into File::Path instead, specifically the rmtree() function.

In general, I trust built-in functions more than system calls.

Update: Upon quick testing with bash, rm -rf -i dirname/ * does just as I suspected -- removing dirname/ recursively AND all of the files in the current directory. It's up to you.

Comment on RE: Is this system call hazardous for my computers health?? Select or Download Code

Replies are listed 'Best First'.
Re: RE: Is this system call hazardous for my computers health?? by zzspectrez (Hermit) on Nov 16, 2000 at 05:10 UTC
I agree with you trusting built-in functions more than system calls. I was trying to stay away from modules, and understand how to best use system calls without compromising security. On a side note, I find it interesting that perl has built in functions to chdir, rmdir, mkdir, rename, and symlink but does not have functions to move, copy, or erase files. So it seems the best solution would be to use a module that properly handles removing files or directories such as your suggestion of File::Path. However, if not using modules the next best would be to use system to rm the directory and files and then recreate the directory such as this code. Thanks! zzspectrez	[reply]
move, copy, or delete files (RE: Is this system call hazardous for my computers health??) by tye (Sage) on Nov 17, 2000 at 05:31 UTC
You move files with link()/unlink() or [unless you have a really old version of Perl] rename(). You delete files with unlink(). None of them work across file systems. The first two have been a basic part of Unix for a long time and rename() is a recent addition. Same for Perl [because Perl is based on Unix]. Unix and C don't have a standard subroutine for copying files and so Perl doesn't either [nor for moving a file across file systems which is just a copy and delete]. There are modules for this. - tye (but my friends call me "Tye")	[reply]