[11068] in Perl-Users-Digest

home help back first fref pref prev next nref lref last post

Perl-Users Digest, Issue: 4668 Volume: 8

daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Sat Jan 16 09:04:03 1999

Date: Sat, 16 Jan 99 06:00:19 -0800
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)

Perl-Users Digest           Sat, 16 Jan 1999     Volume: 8 Number: 4668

Today's topics:
    Re: calling a subroutine with variables <rick.delaney@home.com>
    Re: doscp command in program - proper email address <Russell_Schulz@locutus.ofB.ORG>
    Re: glob error <not@giving.it.out>
        grep question <gwynne@utkux.utk.edu>
        html_log.pl (Matt Wright) doesn't show logged days <dirk.spahn@s-direktnet.de>
    Re: New to Perl -- Frames Question <Tony.Curtis+usenet@vcpc.univie.ac.at>
    Re: New to Perl -- Frames Question <jgoldberg@dial-put_dot_here-pipex.com>
    Re: Perl Criticism <rra@stanford.edu>
    Re: Perl Criticism <staffan@ngb.se>
    Re: Perl Criticism <staffan@ngb.se>
    Re: Regex challenge (Ilya Zakharevich)
    Re: Regex challenge <dgris@moiraine.dimensional.com>
    Re: Regex challenge (Bart Lateur)
    Re: Running Perl Script as cron job : SERIOUS PROBLEM <jkreuzig@uci.edu>
    Re: Searching a string, with a headache <webmaster@link-maker.com>
    Re: Secuity hole with perl (suidperl) and nosuid mounts (Peter Samuelson)
    Re: Secuity hole with perl (suidperl) and nosuid mounts (Peter Samuelson)
    Re: Socket in Perl - help?????? <ebohlman@netcom.com>
    Re: Syntax help wanted:  "use strict" and sort $a and $ (M.J.T. Guy)
        The number of seconds since 1/1/1970 ? (Bob MacBob)
    Re: Web and perl <markopavlisic@iname.dot.com>
    Re: Were to learn PERL Online. (Eric Smith)
    Re: Were to learn PERL Online. (Sam Holden)
        Special: Digest Administrivia (Last modified: 12 Dec 98 (Perl-Users-Digest Admin)

----------------------------------------------------------------------

Date: Sat, 16 Jan 1999 06:03:04 GMT
From: Rick Delaney <rick.delaney@home.com>
Subject: Re: calling a subroutine with variables
Message-Id: <36A02D72.8B494457@home.com>

[posted & mailed]

Andy Kaplan wrote:
> 
> Basically, I want to use a variable to call a subroutine.

You can store references to each subroutine in a hash so that you can
access them by key later.

sub first  { print "first\n"  }
sub second { print "second\n" }

%hash = (
    first  => \&first,
    second => \&second,
);

> 
> That is, I have,
> @variables = ("first", "second");
> 
> And I have two subroutines, firstroutine and secondroutine. What I 
> want is something like this:
> 
> foreach $variable (@variables) {
>     if ($variable eq "first") {

Now you can get the coderef:

        $variableroutine = $hash{first};

and call it exactly as you had written:

>         &$variableroutine;
>     }
> }

perldoc perlref

-- 
Rick Delaney
rick.delaney@shaw.wave.ca


------------------------------

Date: Sat, 16 Jan 1999 01:26:15 -0500
From: Russell Schulz <Russell_Schulz@locutus.ofB.ORG>
Subject: Re: doscp command in program - proper email address
Message-Id: <19990116.012615.9z0.rnr.w164w@locutus.ofB.ORG>

Russell Schulz <Russell_Schulz@locutus.ofB.ORG> writes:

>> run "doscp filename a:"  in the shell.
>
> obviously, sh is trying to run `a:' as a program.

which, others pointed out (and I hadn't seen the followups, alas), meant
that filename probably had a trailing newline.

but posting example code still would have let you solve it yourself;
you'd start with:

  $filename="somefile.c";
  system("doscp $filename a:");

and you'd run it, and it would work -- taking you directly to the solution.
-- 
Russell_Schulz@locutus.ofB.ORG  Shad 86c


------------------------------

Date: Sat, 16 Jan 1999 12:39:19 +0000
From: Etienne Pollard <not@giving.it.out>
Subject: Re: glob error
Message-Id: <36A08877.8E9F92C@giving.it.out>

> : >    You cut/pasted it into this article, or you typed it in?
>
> It must have been typed, since it's not !# but #!
>
> : !#/usr/bin/perl

Actually, I cut/pasted the code bit in, then realised I had not put in
#!/usr/bin/perl so typed that bit in!



------------------------------

Date: Sat, 16 Jan 1999 08:06:50 -0500
From: "Robert Gwynne" <gwynne@utkux.utk.edu>
Subject: grep question
Message-Id: <77q355$rcj$1@gaia.ns.utk.edu>

Would someone please explain how the following construction works.

%FIELDS =       ('Personal
Information'=>['Name','Address','Telephone','Fax'],
                                'References'=>['Personal Ref 1', 'Personal
Ref 2']
                            );

foreach (values %FIELDS){
            grep($ALL_FIELDS{$_}++, @$_);
}

The above is from p. 71 of Official Guide to Programming  with CGI.pm.  The
grep function is the part that I don't understand. I understand grep in
general, but not this specific instance. I can't print $ALL_FIELDS because I
get an uninitialized value error. Just using "print" to print the value(s)
prints hex values.

Similar constructions are found in the FAQ, but are not broken down so that
newbies (at least this one) can understand them, e.g.,

b) If you don't know whether @in is sorted:
    undef %saw;
    @out = grep(!$saw{$_}++, @in);


c) Like (b), but @in contains only small integers:
    @out = grep(!$saw[$_]++, @in);


I would like to know EXACTLY what is going on here so that I can ultimately
understand it. I know what it does, I want to know how & why it does what it
does.

Bob Gwynne
JAPN (Just Another Perl Newbie)
gwynne@utkux.utk.edu
http://web.utk.edu/~gwynne

***********************************
Liberalism has always derived its authority and persuasiveness from a vision
of human nobility, from the idea that our dignity is derived from the
exercise of moral choice. Moral absolutism fears this act of choice and
fears the freedom required by the act of choosing.

Liberalism depends, ultimately, on faith in human choosing, and a liberal
revival depends on recovering the inspiration of this central conviction.

Michael Ignatieff









------------------------------

Date: Sat, 16 Jan 1999 07:53:49 +0100
From: "Dirk Spahn" <dirk.spahn@s-direktnet.de>
Subject: html_log.pl (Matt Wright) doesn't show logged days
Message-Id: <77pd8i$big$1@goof.de.uu.net>

I tried to use the html_log cgi-script of Matt Wright
(www.worldwidemart.com/scripts) to print results of log-files as a html-page
but there seems to be an error in this script: No logged days are shown on
the page, which the script produces.

Does anyone know the bug? Since I am very poor in Perl, I would be happy to
get an idea, how I can fix it.

Thanx, Daniela






------------------------------

Date: 16 Jan 1999 12:52:53 +0100
From: Tony Curtis <Tony.Curtis+usenet@vcpc.univie.ac.at>
Subject: Re: New to Perl -- Frames Question
Message-Id: <83k8yntox6.fsf@vcpc.univie.ac.at>

Re: New to Perl -- Frames Question, Matt
<mkh@mail.utexas.edu> said:

Matt> I would like to know if there is a simple way
Matt> of having a perl script post information to
Matt> two separate frames on a web page.  For

Yes.

Matt> instance, if the user inputs something into a
Matt> form, I want that script to process the input,
Matt> and then generate two HTML documents: one to
Matt> go in one frame on the page, and one to go in
Matt> another.  Maybe this is an HTML question.  Is

Actually since you want to know how to do it in
perl, I don't think anyone will bite...

Matt> there a simple tag that I can put in the
Matt> output that will direct the browser to one
Matt> frame, and then redirect it to another?  This
Matt> would be ideal.

Why, the CGI.pm module of course!

    perldoc CGI

see the section

    CREATING THE HTML DOCUMENT HEADER

for the "target".  It can be used in other methods
as well as start_html(), q.v.

hth
tony
-- 
Tony Curtis, Systems Manager, VCPC,    | Tel +43 1 310 93 96 - 12; Fax - 13
Liechtensteinstrasse 22, A-1090 Wien,  | <URI:http://www.vcpc.univie.ac.at/>
"You see? You see? Your stupid minds!  | private email:
    Stupid! Stupid!" ~ Eros, Plan9 fOS.| <URI:mailto:tony_curtis32@hotmail.com>


------------------------------

Date: Sat, 16 Jan 1999 12:44:43 -0000
From: "Jeremy Goldberg" <jgoldberg@dial-put_dot_here-pipex.com>
Subject: Re: New to Perl -- Frames Question
Message-Id: <77q1k4$oqj$1@plug.news.pipex.net>

>I would like to know if there is a simple way of having a perl script post
>information to two separate frames on a web page.  For instance, if the
user
>inputs something into a form, I want that script to process the input, and
>then generate two HTML documents: one to go in one frame on the page, and
>one to go in another.  Maybe this is an HTML question.  Is there a simple
>tag that I can put in the output that will direct the browser to one frame,
>and then redirect it to another?  This would be ideal.


You can't (as far as I know) do it directly - but what you CAN do, is write
a frameset page that re-invokes the script (or a partner script) in its
frame URLs, e.g.

When script "/cgi-bin/myscript.cgi?params=myparams" is invoked, it returns -

<frameset>
    <frame name="frame1"
src="/cgi-bin/myscript.cgi?type=frame1&params=myparams">
    <frame name="frame2"
src="/cgi-bin/myscript.cgi?type=frame2&params=myparams">
</frameset>

The problem with this is that the script is being invoked 3 times as much as
it might be without frames, although that's only a problem if it gets a lot
of hits.

- Jeremy Goldberg





------------------------------

Date: 16 Jan 1999 00:23:31 -0800
From: Russ Allbery <rra@stanford.edu>
Subject: Re: Perl Criticism
Message-Id: <ylr9svhbi4.fsf@windlord.stanford.edu>

topmind <topmind@technologist.com> writes:
> Russ Allbery <rra@stanford.edu> wrote:

>> Which is something that one learns not to do with experience.  Sure,
>> there are some experienced programmers who still aren't very good
>> programmers, but most people learn with time.

> Why would they learn something that there is no reward for?

50% of a programmer's job, if not more, is code maintenance.  I can't be
sure from what you're saying, but it sounds as if you're thinking that
people write code once and then move on to other projects.  That's rarely
the case even for consultants; they quite frequently get hired again some
time later to make changes to the code they wrote, on the grounds that
they're the most familiar with it.  One learns fairly quickly in this
business that one's code has to be at least clear enough for you to go
back and change it yourself.

>> Taking shortcuts that hurt code maintainability is bad programming.  If
>> one is plagued by bad programming, one should hire good programmers;

> They usually do anyway because the perpetrator moves on after a while.
> Besides, you can only test for skill, not MOTIVES.

Ask for samples of previous code.  See if it looks maintainable.  Ask for
referrals and recommendations.  You don't get very far making enemies out
of previous employers who have to deal with unreadable code.

-- 
#!/usr/bin/perl -- Russ Allbery, Just Another Perl Hacker
$^=q;@!>~|{>krw>yn{u<$$<[~||<Juukn{=,<S~|}<Jwx}qn{<Yn{u<Qjltn{ > 0gFzD gD,
 00Fz, 0,,( 0hF 0g)F/=, 0> "L$/GEIFewe{,$/ 0C$~> "@=,m,|,(e 0.), 01,pnn,y{
rw} >;,$0=q,$,,($_=$^)=~y,$/ C-~><@=\n\r,-~$:-u/ #y,d,s,(\$.),$1,gee,print


------------------------------

Date: Sat, 16 Jan 1999 14:31:33 +0100
From: Staffan Liljas <staffan@ngb.se>
Subject: Re: Perl Criticism
Message-Id: <36A094B4.F60A081B@ngb.se>

topmind wrote:

> > I find that perl fulfill these demands in a way that is convenient
> > to me.

> Are they convenient for your employer or the future followup
> programmer who has to read your code?

First of all, I cannot believe how bad a poster you are. For all the
posting you're doing, you still haven't learnt how to remove the parts
of a previous message that you DON'T want to reply to. I hate going
through thousand lines just to find a one-liner...

But the answer is yes. I usually use comments (on average) every five to
ten lines of code, and then I mean substansial comments. Most of the
time, I comment on every subroutine exactly what the parameters are,
what they mean, what the subroutine returns, what globals it use, what
other subroutines it call etc. 

This is seldom necessary for my understanding. However, if someone else
is looking on my program, I want them to be able to say "Neat
subroutine. I have no idea how it does it, but I like the results." and
since I have documented the interface, he/she can easily steal the sub
and use it in their code.

It also makes it easier for me to reuse my own subs in another program.
It's kindof the advantage of using objects... Without actually using
objects.

People might sneer at my code for being longer than necessary or overly
commented, but the performance isn't deteriorated that much by using my
way of writing things, and at least I understand what I'm doing.

If you're going to attack someone about writing maintainable code, I
think you should pick someone else. Or attack someone in a group that
doesn't have a clue. IMHO most people in this group write excellent
code. Not that I understand all of it, but I'm quite happy with my
subset of perl for now. And if I had to maintain the code of someone in
this group, I could always come here and post a question about what they
meant with something, and I'm sure they would be as kind as to direct me
to the answer.

Staffan


------------------------------

Date: Sat, 16 Jan 1999 14:49:17 +0100
From: Staffan Liljas <staffan@ngb.se>
Subject: Re: Perl Criticism
Message-Id: <36A098DD.11C5A0B1@ngb.se>

topmind@technologist.com wrote:
> I have not seen it in Perl, but in almost every other system
> that I was a followup person for. I truely doubt Perlers are
> immune or better tought readibility skills. It is obvious
> that they where only interested in finishing and don't care
> about maintainability costs (they don't pay 'em).

Hmmmm. This is funny. Are you blaming perl for problems you have only
seen in other programming languages. That seems like a strange thing
indeed...

I would strongly suggest interpreting what you just said into a sign
that perl-programmers write more maintainable and readable code than
other programmers do. But maybe there is some nuance of your use of the
English language that is eluding me. I'm a Swede, you know.

And then about your doubts... You have this indication that perlers
write readable code, and yet you accuse them of the opposite? And from
what do you derive the concludion that perlers are only interested in
finishing and are not interesting in the costs of maintenance?

> It is a general rule of business that without feedback
> and monitoring, things don't happen. Since
> businesses are too lazy to monitor code practices, it
> makes sense that the language should offer some protection
> from "subatomic level" abuse.

But there is a feed-back: If you write bad code, you don't get another
job. That's at least my experience. And it's a strong feedback too.
There is a big need for perl programmers, but there are also a few
programmers out there to take your job from you.

> I am not an extremist on this issue. I am only suggesting
> a COMPROMISE. The OOPers are the other extrem.

Is OOP code easier to maintain? I doubt it. I've had experiences with
needing to expand a programs capacity, and finding objects that are
difficult to understand and poorly documented, and in the end it turned
out that the object was poorly written regarding the change in
functionality I had in mind, so I had to rewrite the entire thing. This
after spending a lot of time trying to understand the object... 

> Design a language for cryptologists and the best ......

But you have still not showed us one single piece of cryptological code
that wasn't part of a sig or written for a competition.

Staffan


------------------------------

Date: 16 Jan 1999 07:36:09 GMT
From: ilya@math.ohio-state.edu (Ilya Zakharevich)
Subject: Re: Regex challenge
Message-Id: <77pfh9$qhg$1@mathserv.mps.ohio-state.edu>

[A complimentary Cc of this posting was sent to Rick Delaney 
<rick.delaney@home.com>],
who wrote in article <36A02B01.D8ACB279@home.com>:
> [posted & mailed]
> > Not with the current pitiful state of the REx engine.  But with the
> > proposed onion-rings syntax (see clp.moder) it can be done as
> > 
> >   (?<> ( (\&)? t (\&)? a (\&)? b (\&)? l (\&)? e (\&)? )
> >     <> ( \A \w* \&? \w* \z)
> >   )
> 
> I hope it's not too late to give opinions on this new syntax. 

No, it would definitely go better with better syntax (if possible).
*Any* suggestion is better than silence.

> As long as I think of this in terms of onion-rings then <> isn't too
> bad since it's sort of ring shaped.

> But stacking the "rings" doesn't indicate nesting to me.  I would prefer
> to think of testing the result of matching the first pattern,
> 
>     (\&)? t (\&)? a (\&)? b (\&)? l (\&)? e (\&)?
> 
> say, 'tab&le'
> 
> to see if it contains the second pattern,
> 
>     \A \w* \&? \w* \z
> 
> i.e. 'tab&le' =~ /\A \w* \&? \w* \z/x;
> 
> I wonder if something like this might be more readable.
> 
>    (?<> ( (\&)? t (\&)? a (\&)? b (\&)? l (\&)? e (\&)? )
>       ~ ( \A \w* \&? \w* \z)
>    )
> 
> or even 
> 
>    (?"" ( (\&)? t (\&)? a (\&)? b (\&)? l (\&)? e (\&)? )
>       ~ ( \A \w* \&? \w* \z)
>    )

Somehow I do not feel any immediate "Wow, it is great!" emotion.
Maybe I even like my proposed syntax better  ;-).

Ilya


------------------------------

Date: 16 Jan 1999 02:01:56 -0700
From: Daniel Grisinger <dgris@moiraine.dimensional.com>
Subject: Re: Regex challenge
Message-Id: <m3emovh9q3.fsf@moiraine.dimensional.com>

[posted and mailed]

ilya@math.ohio-state.edu (Ilya Zakharevich) writes:

> Not with the current pitiful state of the REx engine.  But with the
> proposed onion-rings syntax (see clp.moder) and it can be done as
> 
>   (?<> ( (\&)? t (\&)? a (\&)? b (\&)? l (\&)? e (\&)? )
>     <> ( \A \w* \&? \w* \z)	
>   )
> 
> Here I assume that in the "inner" onion ring \A and \z match at
> boundaries of the outer onion ring.

I've been thinking about this a lot the last few days (even going so
far as to be dreaming in perl :-), and I still don't understand how
capturing will work.  I'll use your earlier example of strings and
comments in C code to illustrate what I think you've said with how I
think it should work.  Of course, I may be thinking wrong.

Consider this data-

  /* This is a comment
   * covering lots of lines (imagine 1000s more)
   * "with embedded quoted strings"
   * foo "bar" baz (and random words)
   */

  int main() {
      char *baz = "fug";
      char *foo = "bar";
      char *fee = "fie";
      bar (foo);
      printf("This is a %s", foo);
      /* another comment */
  }

And this regex-

  (?<>
      ( $double_quoted )         
     !( $c_comment )             
      ( bar )                    
  )

If I'm understanding correctly, this would say to match the literal
string `bar' if it occurs in a double quoted string, but not if it
occurs in a C comment.  This seems okay (although I'm not sure that I
like the <> notation.  The diamond operator already has too deep an
idiomatic meaning in perl to be used here, I'm guessing).

What I don't understand is what will be set after this regex is applied
to the given data.  I see two distinct possibilities.
  
First, there is the obvious but wrong-

    $1 = '"bar"'       # the literal string containing our expression
    $2 = undef         # negated expressions can never capture a value
    $3 = 'bar'         # our match

    $` = ?             # 
    $' = ?             # don't know what these would be
    $& = ?             #

Then, the (perhaps) less obvious but correct-

    @1 = ( "fug", "bar")                        # note- not "fie" unless /g

    @2 = ( '/* This is a comment
             * covering lots of lines (imagine 1000s more)
             * "with embedded quoted strings"
             * foo "bar" baz (and random words)
             */' )                              # only the first comment


    $1 = 'bar'

    $` = \A.*(?=$&)
    $' = (?<=$&).*\z
    $& = 'bar'         # in this example, could also be set via \g< \g>

Theses are the proper results because the only way to know that you've
got proper nesting is to start at the beginning and move forward,
testing at each new position.  This seems, to me, to be far too
expensive a process to have to repeat.  Since you have already found
all of the comments and all of the string literals between \A and your
match, you should keep them.  I suppose that you could turn $1 into
an array ref, but I don't think that that is such a hot idea.  Especially
since @1 is available and natural.

Am I thinking wrong?

dgris
-- 
Daniel Grisinger          dgris@moiraine.dimensional.com
perl -Mre=eval -e'$_=shift;;@[=split//;;$,=qq;\n;;;print 
m;(.{$-}(?{$-++}));,q;;while$-<=@[;;' 'Just Another Perl Hacker'


------------------------------

Date: Sat, 16 Jan 1999 11:18:43 GMT
From: bart.lateur@skynet.be (Bart Lateur)
Subject: Re: Regex challenge
Message-Id: <36a36295.7718665@news.skynet.be>

Larry Rosler wrote:

>Even with the syntax errors corrected, this doesn't work in general, 
>because it doesn't examine each character in $orig and apply the case to 
>$replace.  It works for 'table', 'TABLE' and 'Table' but not otherwise.

You most likely may not depend on the original and the replacement word
having the same length.

>On the other hand, those three cases are the ones submitted and maybe 
>all that is desired, so perhaps all our character-by-character solutions 
>are wasted effort.

Well... these are the practically useful cases, IMO: upper case, lower
case, and titlecase.

The only other possibilities that I can think of, are when multiple
words are used: only first letter of first word in upper case, or first
letter of every word. But the requirements quickly get very fuzzy. What
if you replace one word starting with uppercase, with two words?

	Bart.


------------------------------

Date: Fri, 15 Jan 1999 23:57:51 -0800
From: Jim Kreuziger <jkreuzig@uci.edu>
To: jkelly@shannon.tellabs.com
Subject: Re: Running Perl Script as cron job : SERIOUS PROBLEM
Message-Id: <36A0467F.D3AC98E@uci.edu>

I've always been explicit with my declaration of the perl executable in my
crontab.  For example:

0 6 * * 1-5 /usr/local/bin/perl  /home/users/jim/last_login.pl >>
/home/users/jim/logs/last.log

This works as long as I have the proper permissions set.  Remember, perl scripts
can
from the command line either directly or by making the script an argument to the
perl
executable.

You can always get rid of the output redirect and have the cron daemon mail it
to you.

-Jim


jkelly@shannon.tellabs.com wrote:

> Hello,
>
> I am trying to run a perl script as a cron job. The line of the crontab file
> is shown below
>
> 46      17      *       *       * csh -c "<path>/txt_to_html >& /dev/null"
>
> where txt_to_html is the Perl program.
>
> The command runs OK from the command line but not as a cron job. I have
> looked up this problem in various newsgroups etc. and have tried sourcing
> .cshrc files, .login files, .profile files un the crontab line, setting
> environment variables : everything that is recommended in the newsgroups
> without success. I am not using any Perl libraries / modules. I am using
> Solaris 2.5.1 and perl 5.004. I would be grateful for any help that I could
> get on this problem as it has me well and truly confused !!
>
> Many Thanks,
> John Kelly <jkelly@shannon.tellabs.com>.
>
> -----------== Posted via Deja News, The Discussion Network ==----------
> http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own



------------------------------

Date: Fri, 15 Jan 1999 23:13:04 -0700
From: jim <webmaster@link-maker.com>
Subject: Re: Searching a string, with a headache
Message-Id: <36A02DDD.8AB5E8D3@link-maker.com>

You're right larry...
 Guess I was sleeptyping...
jim

Larry Rosler wrote:
> 
> In article <369F4BE4.5B934ACA@link-maker.com>, webmaster@link-maker.com
> says...
> > all I can say is
> > @stuff=split('|',$line);
> > @more=split('*',$stuff[0])
> 
> I think you have overlooked that despite those misleading single-quotes,
> the argument to 'split' is a regex.  I prefer to make it explicit:
> 
>   @stuff=split(/\|/, $line);
>   @more=split(/\*/, $stuff[0])
> 
> --
> (Just Another Larry) Rosler
> Hewlett-Packard Company
> http://www.hpl.hp.com/personal/Larry_Rosler/
> lr@hpl.hp.com


------------------------------

Date: 16 Jan 1999 06:11:25 -0600
From: peter@nemesis.niar.twsu.edu (Peter Samuelson)
Subject: Re: Secuity hole with perl (suidperl) and nosuid mounts on Linux
Message-Id: <77pvld$hsq$1@nemesis.niar.twsu.edu>

[Brian McCauley <B.A.McCauley@bham.ac.uk>]
> The suid script emulation in Perl 5.0004_4 (as found in SuSE Linux
> 5.3 and doubtless other Linux distributions) fails to take account of
> the nosuid mount option on filesystems.

Ah, but have you actually tried to exploit this?  It won't work.  The
kernel tests for this (check the source at fs/exec.c:550-562 in 2.0.35
or fs/exec.c:647-661 in 2.2.0pre7).  It'll just return EPERM
("Operation not permitted") to the execve() call.  Doesn't matter if
you're talking about suidperl or the real thing -- if the file is
marked setuid or setgid it simply won't run (unless you are root, or
you already have the same UID/GID as the file).

-- 
Peter Samuelson
<sampo.creighton.edu!psamuels>


------------------------------

Date: 16 Jan 1999 06:20:24 -0600
From: peter@nemesis.niar.twsu.edu (Peter Samuelson)
Subject: Re: Secuity hole with perl (suidperl) and nosuid mounts on Linux
Message-Id: <77q068$ht8$1@nemesis.niar.twsu.edu>

  [Brian McCauley <B.A.McCauley@bham.ac.uk>]
> > The suid script emulation in Perl 5.0004_4 (as found in SuSE Linux
> > 5.3 and doubtless other Linux distributions) fails to take account
> > of the nosuid mount option on filesystems.
[Peter Samuelson <psamuels@sampo.creighton.edu>]
> Ah, but have you actually tried to exploit this?  It won't work.  The
> kernel tests for this (check the source at fs/exec.c:550-562 in
> 2.0.35 or fs/exec.c:647-661 in 2.2.0pre7).  It'll just return EPERM
> ("Operation not permitted") to the execve() call.  Doesn't matter if
> you're talking about suidperl or the real thing -- if the file is
> marked setuid or setgid it simply won't run (unless you are root, or
> you already have the same UID/GID as the file).

I SPOKE TOO SOON!

Just after posting I realized that these checks by the kernel can be
easily circumvented by not having the kernel do the #! processing.
Just run `perl' or `suidperl' on the executable and it will duplicate
the kernel permission checks, including setuid bits, only it doesn't
duplicate them well enough.  I just now tested this on a loopback
filesystem and it is definitely exploitable.

Brian, you're right, I'm wrong.  This needs to be fixed.  Now.  (I'm
running Debian Linux 2.1 "slink" which features perl 5.004_04.)

-- 
Peter Samuelson
<sampo.creighton.edu!psamuels>


------------------------------

Date: Sat, 16 Jan 1999 06:34:44 GMT
From: Eric Bohlman <ebohlman@netcom.com>
Subject: Re: Socket in Perl - help??????
Message-Id: <ebohlmanF5n3Lw.83z@netcom.com>

Eric Bohlman <ebohlman@netcom.com> wrote:
: Use of $* is deprecated.  Use the /m modifier on any regex that needs to 
: have '.' match a newline.

arrgh.  Of course, that should be "use the /m modifier on any regex that 
needs to have '^' match the start of an 'internal' line and '$' match the 
end of an internal line."  The behavior I described is controlled by the 
/s modifier, which has nothing to do with $*.  I wrote that right after 
reading the description of $*, which was entirely correct, yet my mind 
very quickly transposed the two concepts.  Someone could probably get a 
good psychology thesis out of figuring out why so many people have such 
an easy time confusing the two concepts, despite the entirely clear 
documentation of the difference.



------------------------------

Date: 16 Jan 1999 13:00:57 GMT
From: mjtg@cus.cam.ac.uk (M.J.T. Guy)
Subject: Re: Syntax help wanted:  "use strict" and sort $a and $b parameters...
Message-Id: <77q2i9$lob$1@pegasus.csx.cam.ac.uk>

William Herrera <posting.account@lookout.com> wrote:
>Yes, I installed perl 5.004-02 from CPAN for Win32 and found that
>indeed it does not complain about undeclared $a and $b in sorts uder
>use strict.
>
>However, it also does not handle command line globbing of filename
>wildcards as my old 5.001 binaries did (or as the Solaris one does). 

Eh?   Globbing may have some rough edges, but it should work in that
version of Perl.    Can you give an example program (preferably short)
which works in 5.001 but not 5.004+ ?


Mike Guy


------------------------------

Date: Sat, 16 Jan 1999 08:58:07 GMT
From: b_macbob@NOSPAM.hotmail.com (Bob MacBob)
Subject: The number of seconds since 1/1/1970 ?
Message-Id: <36a0502e.49295492@news.dircon.co.uk>

Hi all,

I have perl5 on apache/unix - great.

How can I use a SSI to insert the number of seconds since 1/1/1970
into a document without calling a script to output the value?

The following script works when called by an '#include virtual=':

#!/usr/lib/bin/perl5
$seconds = time;
print "Content-type: text/html\n\n";
print "$seconds";

But I'm hoping their's a tidier way using environment variables and
timefmt or something like that.

Any help is greatly appreciated.

TVMIA,

Bob.


------------------------------

Date: Sat, 16 Jan 1999 09:00:00 GMT
From: "Mark Jean Do" <markopavlisic@iname.dot.com>
Subject: Re: Web and perl
Message-Id: <kyYn2.91$xX.1919953@news.siol.net>

I found solution.
Just using http://username:passwd@www.someserver.somedomain

--
--
Marko ma vas rad.
http://members.xoom.com/markjeando/
brian d foy wrote in message ...
>In article <BfLm2.297$2u.5302330@news.siol.net>, "Mark Jean Do"
<markopavlisic@iname.dot.com> posted:
>
>> I can get some html with Perl. But how can I get file if it requires to
>> logon? I know username and password.
>
>use LWP and supply the authorization information.  see the docs for
>examples.
>
>--
>brian d foy
>CGI Meta FAQ <URL:http://www.smithrenaud.com/public/CGI_MetaFAQ.html>




------------------------------

Date: 16 Jan 1999 07:34:49 GMT
From: eric@nafex.comi (Eric Smith)
Subject: Re: Were to learn PERL Online.
Message-Id: <slrn7a0g8p.pem.eric@eric.nafex.com>


If u looking for online tut:
http://agora.leeds.ac.uk/Perl/start.html

ciao
-- 
Eric Smith (eric@nafex.com)
Tel 0027 82 780 7888 (vodacom)


------------------------------

Date: 16 Jan 1999 07:57:58 GMT
From: sholden@pgrad.cs.usyd.edu.au (Sam Holden)
Subject: Re: Were to learn PERL Online.
Message-Id: <slrn7a0hk6.9tv.sholden@pgrad.cs.usyd.edu.au>

On 16 Jan 1999 07:34:49 GMT, Eric Smith <eric@nafex.comi> wrote:
>
>If u looking for online tut:
>http://agora.leeds.ac.uk/Perl/start.html

If you want a tutorial that doesn't even mention 'my' when talking about
subroutines (and even uses local in it's place)...

If you want a tutorial that doesn't do error checking on open() when talking
about file handling...

If you want a tutorial tha uses chop() to remove newlines...

I'm sure you could find a more useful tutorial somewhere off
http://www.perl.com, though I must admit I haven't looked...

-- 
Sam

Perl was designed to be a mess (though in the nicest of possible ways). 
	--Larry Wall


------------------------------

Date: 12 Dec 98 21:33:47 GMT (Last modified)
From: Perl-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin) 
Subject: Special: Digest Administrivia (Last modified: 12 Dec 98)
Message-Id: <null>


Administrivia:

Well, after 6 months, here's the answer to the quiz: what do we do about
comp.lang.perl.moderated. Answer: nothing. 

]From: Russ Allbery <rra@stanford.edu>
]Date: 21 Sep 1998 19:53:43 -0700
]Subject: comp.lang.perl.moderated available via e-mail
]
]It is possible to subscribe to comp.lang.perl.moderated as a mailing list.
]To do so, send mail to majordomo@eyrie.org with "subscribe clpm" in the
]body.  Majordomo will then send you instructions on how to confirm your
]subscription.  This is provided as a general service for those people who
]cannot receive the newsgroup for whatever reason or who just prefer to
]receive messages via e-mail.

The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc.  For subscription or unsubscription requests, send
the single line:

	subscribe perl-users
or:
	unsubscribe perl-users

to almanac@ruby.oce.orst.edu.  

To submit articles to comp.lang.perl.misc (and this Digest), send your
article to perl-users@ruby.oce.orst.edu.

To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.

To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.

The Meta-FAQ, an article containing information about the FAQ, is
available by requesting "send perl-users meta-faq". The real FAQ, as it
appeared last in the newsgroup, can be retrieved with the request "send
perl-users FAQ". Due to their sizes, neither the Meta-FAQ nor the FAQ
are included in the digest.

The "mini-FAQ", which is an updated version of the Meta-FAQ, is
available by requesting "send perl-users mini-faq". It appears twice
weekly in the group, but is not distributed in the digest.

For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.


------------------------------
End of Perl-Users Digest V8 Issue 4668
**************************************

home help back first fref pref prev next nref lref last post