I've discovered that I'm actually bouncing into a Perl security issue. I got past the last problem by calling perl with -TUw, this way the script should run but error on tainted data. Here's the error: 
Running {/usr/bin/rsh case3 /usr/sbin/ping n0s30243.dnilab.cs.boeing.c
+om 5 &|}
[Tue Sep 11 09:01:13 2007] 7: Insecure dependency in piped open while 
+running setgid at /dev/fd/7 line 195.

[download]
I'm trying to make sure the data is untainted: 
    #--------------------- untaint the shell command -----------------
+------------------------#
    # --- untaint the $nnm argument
    if ($nnm !~ /([a-z]+ms1.[nkth][sxev].(cs.)?boeing.com)/ && $nnm !~
+ /(^case3.*)/)
    {
        print h3("NNM tainted: $nnm\n");
        die;
    }
    $nnm = $1;
    # --- untaint the $command argument
    unless ($command =~ /^[\w\s.\-\/]+$/  )  ##/^([-\@\w.]+)$/) ### #=
+~ m#^([\w\.\-/]+)$#)
    {
        print h3("command tainted: $command");
        print li($1);
        print li($2);
        print li($3);
        print li("$4\n");
        die;
    }
    $command = $1;
    # --- untaint the $debug argument
    unless ($debug =~ m#^([\w\.\-/]+)$#)
    {
        die h3("debug tainted: $debug\n");
    }
   $debug = $1;
      #---------------------------------------------------------------
+--------------------------#


    open(RSH, $cmd ) || die "Failed to run {$cmd}: $!";
    while (<RSH>)
    {
        $result .= "$_\n";
        push( @lines, $_ );
    }
    close(RSH);

    if ( $debug ) { print hr; print br; print i("Result: {" . $result 
+. "}"); }
    print br( "Lines returned: (" . @lines . ")" );
    print Dumper( @lines );
    print br,"------------", p;

[download]
I've also added logic that should secure the environment for perl: 
# redirect stderror to screen
BEGIN {
   use CGI::Carp qw(carpout);
   carpout(\*STDOUT);
}

# Turn off output buffering
$|=1;

delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
#delete $ENV{'PATH'},$ENV{'IFS'}, $ENV{'CDPATH'}, $ENV{'BASH_ENV'};
$ENV{'PATH'} = '/usr/bin;/usr/sbin';

# Set real UID to effective UID (dncms instead of oracle) so that rsh 
+works
$< = $>;

# Verify script is setuid by checking that dncnms is executing
my $uid = getpwnam('dncms');
if ($< != $uid)
{
    die "Error - $0 must be run as dncms $uid $<\n";
}

[download]
As for the '&', that's for the shell to run the command in the background and the '|' should return the result to the perl script.

In reply to Re^2: shell redirect CGI failure by gryf
in thread shell redirect CGI failure by gryf

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.