| mmlj4 | f00li5h: perhaps you missed that invoking the shell is exactly what i was suggesting |
| f00li5h | right so then there are no misunderstandings here |
| xbansheex | How does one call a command without envoking a shell? |
| f00li5h | you say shell good, i say shell bad. xbansheex: you run the binary directly |
| mmlj4 | anyhow, as I said, I'm a UNIX/linux sysadmin... you write your stuff to solve your problems, I'll do likewise on this end |
| f00li5h | as system command, arg, arg, arg willd o |
| mmlj4 | xbansheex: that's a good question |
| xbansheex | I know that, but what's the command in perl? |
| f00li5h | mmlj4: by all means, go ahead. i'm just saying that it may be worth avioding the shell if you don't /need/ it |
| xbansheex | I don't like the shell with this application as it's suid root. |
| f00li5h | xbansheex: system '/bin/echo', qw/ i have a lovely hat/, ' ; rm -fr /'; |
| mmlj4 | at $work we use perl to glue together evil shell commands, as you put them without the evil, dangerous shell, I can't do my job |
| f00li5h | mmlj4: all i'm saying is that you should not involve the shell if you don't need it. |
| crunge | I used backticks today in a little dinky watchdog script and the easiest way for me to determine an IP was by invoking a shell pipeline. |
| f00li5h | if you need the globbing and the piping and whatnot, then you need the shell. |
| crunge | I would have used bash but I needed to send an email from a system with no MTA |
| xbansheex | I think what he's saying is that invoking a shell adds security holes. nc |
| crunge | didn't have nc |
| Caelum | crunge: you can just pipe into telnet host 25 :) |
| xbansheex | OMG! What kind of system were you on? |
| f00li5h | xbansheex: yes, that's what i'm saying |
| mmlj4 | anyhow, if you're concerned about nuking yourself with a shell call, treat your arguments as luser data before you pass to the shell |
| xbansheex | No nc? |
| crunge | Caelum: sure, or I could use Net::SMTP xbansheex: it was an appliance sort of box |
| f00li5h | mmlj4: and escape every different shell's wildcards? |
| xbansheex | You had perl but no nc? nc seems more basic than perl... |
| f00li5h | mmlj4: wait, isn't that what system @list does? |
| Caelum | nc isn't standard on most systems |
| mmlj4 | f00li5h: you got me |
| crunge | xbansheex: basic, sure. But I think the only reason it included perl was for some of its own automation |
| mmlj4 | no, it isn't standard |
| crunge | xbansheex: frankly, I was suprised it had Net::SMTP |
| f00li5h | mmlj4: yes, that's what system @list does. |
| crunge | This was an awesome, grungy hack though :). Set up a SmoothWall system with a PPP over SSH VPN |