in reply to Re^3: Safely passing CGI form data to a shell command
in thread Safely passing CGI form data to a shell command

I said in my previous post that "in your case" you should be using IPC::Open2. That is used to capture output from a program (as well as send input, but you can close the writer since you're not sending input) while still allowing a LIST like system and exec to bypass the shell.

The taint problem is likely that you didn't reset your environment. Check out perlsec on how to set your environment securely.

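The approach described in the post above, as an added example that is not part of the original thread: a taint-mode script that resets the environment the way perlsec recommends, untaints a form value with an allow-list pattern, and captures a command's output through IPC::Open2 in LIST form. The helper names `untaint_word` and `run_capture`, the pattern, the use of `/bin/echo` and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use IPC::Open2;

# Reset the environment as perlsec recommends. Under -T, a tainted PATH
# makes any attempt to run a program die with "Insecure $ENV{PATH}".
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Hypothetical helper: accept only a short word from an allow-list of
# characters and return the untainted capture, or undef on mismatch.
# The first character must be alphanumeric so the value cannot be read
# as a command-line option by the program that receives it.
sub untaint_word {
    my ($value) = @_;
    return unless defined $value;
    return $value =~ /\A([A-Za-z0-9][A-Za-z0-9_.-]{0,63})\z/ ? $1 : undef;
}

# Hypothetical helper: run a command given as a LIST and return its output.
# With more than one list element, no shell is involved, so the arguments
# reach the program exactly as passed.
sub run_capture {
    my @cmd = @_;
    my ($out, $in);
    my $pid = open2($out, $in, @cmd);
    close $in;                      # nothing to send to the child's stdin
    my @lines = <$out>;
    close $out;
    waitpid $pid, 0;
    die "command exited with status " . ($? >> 8) . "\n" if $?;
    return @lines;
}

# Constructed sample values standing in for CGI form parameters.
for my $raw ('report-2005', 'x; id', '-n') {
    my $arg = untaint_word($raw);
    if (!defined $arg) {
        print "rejected input\n";
        next;
    }
    print "output: $_" for run_capture('/bin/echo', $arg);
}
```

Run it as `perl -T script.pl`; the first sample value is echoed back and the other two are rejected before any command is started.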

Re^5: Safely passing CGI form data to a shell command
by Tommy (Chaplain) on Apr 21, 2005 at 22:56 UTC