Re: Perl's exec

To: "Stefan Hornburg \(Racke\)" <racke@linuxia.de>
Cc: debian-security@lists.debian.org
Subject: Re: Perl's exec
From: Andrew Pimlott <ota-24@andrew.pimlott.net>
Date: Thu, 2 May 2002 09:30:45 -0400
Message-id: <[🔎] 20020502133045.GA4052@pimlott.net>
In-reply-to: <[🔎] 87u1pqd7lx.fsf@snowflake.linuxia.de>
References: <[🔎] 87u1pqd7lx.fsf@snowflake.linuxia.de>

On Thu, May 02, 2002 at 03:03:54PM +0200, Stefan Hornburg (Racke) wrote:
> # Pass parameters to Swish++ search program
> open (SEARCH, '-|')
> 	or exec '/usr/bin/search++', '-i', '/var/lib/dhelp/swish++.index', "$search";
> 
> >From the Perl documentation it should be safe to pass "unsafe" characters
> in $search (perldoc -f exec).
> 
> I would like to read your opinion before allowing such things like *
> in $search.

Yes, this is safe from the shell.  As long as search++ does not
interpret any characters in a dangeous way, it looks safe.

Andrew


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- Perl's exec
  - From: racke@linuxia.de (Stefan Hornburg Racke)

Prev by Date: Perl's exec
Next by Date: Re: qpopper related question
Previous by thread: Perl's exec
Next by thread: APT-GET Problems
Index(es):
- Date
- Thread