Re: Keep getting error with email validation script

grocery_stocker <cdalten@xxxxxxxxx> wrote:

Tad McClellan wrote:
grocery_stocker <cdalten@xxxxxxxxx> wrote:

I
also figures since the OP is & to invoke the subroutine,


What effect does using & on the function call have for the
function that is being discussed?


I forgot. I think it was something to do with the fact the OP was
already screwing himself using &..


How was using & screwing him up?

His code will work perfectly fine with an ampersand on the function call.


we might as
well just continue to screw ourself by using the unsafe system()
function.


What is unsafe about the system() function?

Using the shell is certainly unsafe, but you can use the system()
function in such a way that it won't use a shell.

Is that what you meant?


I should probably explore this before I shoot off my mouth,


That would be uncharacteristic of what I have observed of
your posts to this point.


but under
*nix, you can screw yourself with system() by having the user do
something really inane with the input. Like

char arr[200];
system(arr);

The user then can go like
ls -al; rm

This is because system() under *nix uses the fork/exec model.


No it isn't.

It is because there is a shell involved. (semicolon is a shell metacharacter.)

If you use the form of system() that does not invoke a shell,
then the above bad guy trick will not "work".


So is the
behavior different using Perl?


Perl's system() also uses the fork/exec model.

But that model is not the reason for the unsafety that you claim.


--
Tad McClellan SGML consulting
tadmc@xxxxxxxxxxxxxx Perl programming
Fort Worth, Texas
.

Relevant Pages

  • Re: Keep getting error with email validation script
    ... also figures since the OP is & to invoke the subroutine, ... What is unsafe about the systemfunction? ... Using the shell is certainly unsafe, but you can use the system ...
    (comp.lang.perl.misc)
  • Re: how to write a program that takes arguments from commandline?
    ... I assume argc contains the number of ... programs are often invoked from a shell ... Shells *can* use spaces to delimit arguments, ... like for constructing the arguments for the programs you invoke. ...
    (comp.lang.c)
  • Looking for a extensible shell for debug purpose
    ... process using IPC. ... Now I want to add a thread to this program to start shell, ... extensible shell, to enter command, then invoke the corresponding ... like lua, can embedded into the program, and by running lua script to ...
    (comp.os.linux.development.apps)
  • Re: Microsoft and Trust Take 2
    ... I still don't get the Shell part, ... VB needs typelibs, but .Net needs Interop ... You don't need unsafe code I ...
    (microsoft.public.vb.general.discussion)
  • Re: without shell
    ... >> These commands invoke shell indeed. ... > sequence rather than a single string. ... On UNIX, os.popen is posix.popen, is a simple wrapper ...
    (comp.lang.python)
Loading