Controlling the shell...

rementis has asked for the wisdom of the Perl Monks concerning the following question:

Thank you for your attention, O Great and Powerful Monks.

I am trying to pass a variable as a parameter to another script but special characters throw it for a loop.

Basically a menu program gets the password from the user, then calls another perl script which in turn loops through a list of hosts issuing a command like this:
my $temp = `ssh $_ autopasswd_oracle.exp $user $password`;
($_ contains a hostname)
Now if you give it a good password like kjiuIU*& then it chokes and gets error messages. Any ideas would be more than welcome.
Thank you!

Comment on Controlling the shell...

Replies are listed 'Best First'.
Re: Controlling the shell... by Roy Johnson (Monsignor) on Apr 08, 2005 at 22:45 UTC
Backquotes invoke the shell; it's just like you typed whatever on the command line. And if you typed kjiuIU& on the command line, you'd see the same choking and error messages. Put some quotes around $user and $password. Those quotes, because they're inside the backquotes, will be sent to the shell; Perl will not interpret them. Caution:* Contents may have been coded under pressure.	[reply]
Re: Controlling the shell... by afresh1 (Hermit) on Apr 09, 2005 at 01:15 UTC
My recommendation would be that since passing a password on the command line is a Bad Idea[1], you would be better off sending the password some other way. If you are really using ssh, use a keypair with either ssh-agent [2]or with keys that don't have passwords. If it is a different piece of software than ssh, even though ssh is in the example, I would recommend looking to see if you can have it read the password some other way. I realise that doesn't help with passing special characters to a shell command, but passwords are not something I would think you really want that easily available. [1] the output of ps will show the password for one [2] it, or something similar should be available on most nix OS's UPDATE:* Rereading the inital post, I see that it looks like ssh is using passwordless auth, and the password is passed to 'autopasswd_oracle.exp', but I would still recommend finding a different way to pass the password. andrew	[reply]
Re: Controlling the shell... by gloryhack (Deacon) on Apr 09, 2005 at 00:17 UTC
You might filtering $user and $password through quotemeta before handing them off to the shell.	[reply]
Re: Controlling the shell... by wazoox (Prior) on Apr 09, 2005 at 08:48 UTC
Another option is to use the Net::SSH::Perl module. It allows you to run commands thru ssh in a much more elegant way.	[reply]
Re: Controlling the shell... by eXile (Priest) on Apr 09, 2005 at 01:15 UTC
If the autopasswd_oracle has an interactive mode, you could try to use Expect for inputting a username and password. Maybe using Expect to do the ssh isn't a bad idea in the first place if you are going to get user-input. It will give you more flexibility and ways to handle error situations.	[reply]
Re: Controlling the shell... by mnooning (Beadle) on Apr 09, 2005 at 20:44 UTC
The \Q (begin to special quote) and \E (end special quoting) escape characters may do the trick. Try my $temp = `ssh "\Q$_\E" autopasswd_oracle.exp $user $password`; I wonder if it would work without the double quotes. I do not remember Good luck	[reply]
Re: Controlling the shell... by tlm (Prior) on Apr 10, 2005 at 01:09 UTC
Here's a FAQ that you may find usefl: How can I call backticks without shell processing. It discusses ways to bypass the shell altogether. (Safer than backticks, too.) the lowliest monk	[reply]