[8520] in bugtraq
Re: Check system calls (was Re: Several new CGI vulnerabilities)
daemon@ATHENA.MIT.EDU (Chip Salzenberg)
Thu Nov 12 16:03:30 1998
Date: Wed, 11 Nov 1998 12:00:08 -0500
Reply-To: Chip Salzenberg <chip@PERLSUPPORT.COM>
From: Chip Salzenberg <chip@PERLSUPPORT.COM>
X-To: lstein@cshl.org
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199811111607.LAA26192@formaggio.cshl.org>; from Lincoln Stein on Wed, Nov 11, 1998 at 11:07:48AM -0500

According to Lincoln Stein:
> Chip Salzenberg writes:
> > According to Lincoln Stein:
> > > And here's a general Perl technique for opening pipes without getting
> > > the shell involved at all:
> > >
> > > open (MAIL,"|-") || exec '/usr/lib/sendmail','-t','-oi';
> > > print MAIL <<END;
> >
> > Lincoln knows this, but for the less-experienced, I suggest it's not a
> > good idea to let the fork and the exec go unchecked:
>
> I know it, but I don't usually do it. The worst that can happen is
> that no mail goes out -- correct me if I'm wrong.

Sorry, but: If the fork succeeds and the exec fails, then you end up
with the parent and the child both executing the rest of the program.
Usually this is considered a bug. :-/
--
Chip Salzenberg - a.k.a. - <chip@perlsupport.com>
"There -- we made them swerve slightly!" //MST3K
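
The failure mode discussed in this message, as an added example that is not part of the original post or of either author's code: the same shell-free pipe open with the fork and the exec both checked, so a child whose exec fails exits instead of running the rest of the program. The helper name pipe_to, the sample message and the two commands ('cat' and a nonexistent path) are assumptions chosen for illustration.

```perl
#!/usr/bin/perl
# Added example (not from the original post): the "|-" pipe open with
# both the fork and the exec checked.
use strict;
use warnings;
use POSIX ();

# Write $body to the stdin of @cmd with no shell involved.
# Returns the child's wait status ($?); dies in the parent if fork fails.
sub pipe_to {
    my ($body, @cmd) = @_;

    # open "|-" forks: child's pid in the parent, 0 in the child, undef
    # when the fork failed. The unchecked one-liner cannot tell undef
    # from 0, so on a failed fork the parent itself would exec.
    my $pid = open(my $fh, '|-');
    die "cannot fork: $!\n" unless defined $pid;

    if ($pid == 0) {
        # Child: list-form exec with an explicit program, so no shell.
        # The bare block is the perldoc idiom for following exec with code.
        { exec { $cmd[0] } @cmd };
        # Reached only if exec failed. Leave at once so the child never
        # falls through into the parent's code; _exit skips END blocks
        # and does not flush stdio buffers inherited from the parent.
        print STDERR "cannot exec $cmd[0]: $!\n";
        POSIX::_exit(127);
    }

    # Parent: a child that died early must not kill us with SIGPIPE.
    local $SIG{PIPE} = 'IGNORE';
    print {$fh} $body;
    close($fh);          # waits for the child and sets $?
    return $?;
}

# Constructed sample message and commands, for demonstration only.
my $msg = "To: nobody\@example.invalid\nSubject: test\n\nbody\n";
for my $prog ('cat', '/nonexistent/sendmail') {
    my $status = pipe_to($msg, $prog);
    printf "%s: exit code %d\n", $prog, $status >> 8;
}

# With the checks in place this line is printed exactly once.
print "rest of program, pid $$\n";
```

Removing the two lines after the exec block reproduces the behaviour described above: the final line is then printed twice, once by the parent and once by the child whose exec failed.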