[13466] in Perl-Users-Digest
Perl-Users Digest, Issue: 876 Volume: 9
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Wed Sep 22 12:17:39 1999
Date: Wed, 22 Sep 1999 09:10:19 -0700 (PDT)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Message-Id: <938016619-v9-i876@ruby.oce.orst.edu>
Content-Type: text
Perl-Users Digest Wed, 22 Sep 1999 Volume: 9 Number: 876
Today's topics:
printf mask? <c_duncan_hudson@yahoo.com>
Re: printf mask? (Kragen Sitaker)
Re: problem with the UNIX sum checksum command and unpa <elaine@chaos.wustl.edu>
Re: problem with the UNIX sum checksum command and unpa (T. William Wells)
Re: problem with the UNIX sum checksum command and unpa (Kragen Sitaker)
Re: problem with the UNIX sum checksum command and unpa (Filip M. Gieszczykiewicz)
Re: Redirect STDERR <henkel@us.ibm.com>
Remove %20 <newsgrouppost@smartmedia.nl>
Re: Remove %20 <mike@crusaders.no>
Re: stripping newlines out of a string <qcoldiro@thetoolhouse.com>
Re: stripping newlines out of a string (Larry Rosler)
Re: threads and win32 (Kragen Sitaker)
Re: threads and win32 <camerond@mail.uca.edu>
Totally off topic, ignore haylockj@my-deja.com
Win32::ODBC.pm hangs CGI.pm under Apache p.scott@shu.ac.uk
You should be admired <jwc@acsu.buffalo.edu>
Digest Administrivia (Last modified: 16 Sep 99) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: Wed, 22 Sep 1999 14:42:57 GMT
From: Dunc <c_duncan_hudson@yahoo.com>
Subject: printf mask?
Message-Id: <7saptd$b6h$1@nnrp1.deja.com>
This is probably a simple question, but it has me stumped. I need to
convert a hex string to binary and write the resulting binary string to
an output file. Can I do it with printf, is there an appropriate mask?
Is there a better way? Thanks in advance, sorry if it seems like a
trivial question.
Dunc.
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
Date: Wed, 22 Sep 1999 15:19:53 GMT
From: kragen@dnaco.net (Kragen Sitaker)
Subject: Re: printf mask?
Message-Id: <ts6G3.3266$QJ.187459@typ11.nn.bcandid.com>
In article <7saptd$b6h$1@nnrp1.deja.com>,
Dunc <c_duncan_hudson@yahoo.com> wrote:
>This is probably a simple question, but it has me stumped. I need to
>convert a hex string to binary and write the resulting binary string to
>an output file. Can I do it with printf, is there an appropriate mask?
> Is there a better way? Thanks in advance, sorry if it seems like a
>trivial question.
perl -we 'print pack "H*", "464646204646460a"'
outputs
FFF FFF
HTH.
perldoc -f pack.
--
<kragen@pobox.com> Kragen Sitaker <http://www.pobox.com/~kragen/>
Wed Sep 22 1999
47 days until the Internet stock bubble bursts on Monday, 1999-11-08.
<URL:http://www.pobox.com/~kragen/bubble.html>
------------------------------
Date: Wed, 22 Sep 1999 11:16:42 -0400
From: Elaine -HFB- Ashton <elaine@chaos.wustl.edu>
Subject: Re: problem with the UNIX sum checksum command and unpack
Message-Id: <37E8F250.832627CC@chaos.wustl.edu>
Kragen Sitaker wrote:
> Presumably, if you're keeping an eye on suid files, you're interested
> in defending against intelligent attackers.
Or dumb ones. Script kiddies don't even have to think these days.
With regard to the original question, 'sum' and it's brethren may be
using 16-bit checksums depending on the system and pack/unpack default
to 16-bit, but somewhere between the 2 you may have a mis-match which
might explain the discrepancy. Or it could be something else entirely
depending on your code.
> If you're doing what I think you're doing, you should be using a
> cryptographically-strong hash function like MD5 or SHA-1. Some
> versions of Unix come with a program called md5sum or something
> similar.
Yes, it's md5sum. I don't know if cryptographic strength is a feature
here, but depending on the level of squick, it certainly cannot hurt.
Often I see people running COPS and Tripwire yet leave the front door
wide open. Host based security should cover a wide range of things.
> There are Digest::MD5 and Digest::SHA modules available from CPAN.
Yes, both of these are good.
http://search.cpan.org/search?mode=module&query=Digest
e.
------------------------------
Date: 22 Sep 1999 11:16:12 -0400
From: bill@twwells.com (T. William Wells)
Subject: Re: problem with the UNIX sum checksum command and unpack
Message-Id: <7sarrs$2knp$1@twwells.com>
: Has anybody got a perl algorithm equivalent to any of
: the other UNIX checksum commands
On reasonably recent FreeBSD's,
/sbin/md5
use MD5;
will do what you want.
------------------------------
Date: Wed, 22 Sep 1999 15:26:29 GMT
From: kragen@dnaco.net (Kragen Sitaker)
Subject: Re: problem with the UNIX sum checksum command and unpack
Message-Id: <Fy6G3.3273$QJ.189060@typ11.nn.bcandid.com>
In article <37E8F250.832627CC@chaos.wustl.edu>,
Elaine -HFB- Ashton <elaine@chaos.wustl.edu> wrote:
>> cryptographically-strong hash function like MD5 or SHA-1. Some
>> versions of Unix come with a program called md5sum or something
>> similar.
>
>Yes, it's md5sum.
Well, it's md5sum on my Cygwin32 box; someone else posted that it was
called md5 on their FreeBSD box.
--
<kragen@pobox.com> Kragen Sitaker <http://www.pobox.com/~kragen/>
Wed Sep 22 1999
47 days until the Internet stock bubble bursts on Monday, 1999-11-08.
<URL:http://www.pobox.com/~kragen/bubble.html>
------------------------------
Date: 22 Sep 1999 15:39:35 GMT
From: filipg+@pitt.edu (Filip M. Gieszczykiewicz)
Subject: Re: problem with the UNIX sum checksum command and unpack
Message-Id: <7sat7n$bbk$1@usenet01.srv.cis.pitt.edu>
In Article <1dyisxt.x9e4crytcy1yN@twig.demon.co.uk>, through puissant locution, fergus@twig.demon.co.uk (Fergus McMenemie) soliloquized:
> I use the UNIX sum command as the basis of an ad-hoc
> scheme that keeps and eye on all SUID files. I liked
> the fact that perl contains an equivalent in built
> checksum command of its own (unpack). I could use both
> methods to check a file, and the value would be the
> same.
> However I have now seen several cases where a file was
> changed yet the System V sum value didn't change. In
> most cases the files byte contents were the same it
> was just the order of the lines that had changed.
[snip]
The basic vanilla "sum" is absolutely and completely useless.
Note a few lines from an attack on root:
-----------------chop-with-axe----------------chop-with-axe---------------------
rm -rf in.telnetd-trojan.c
ls -la /usr/sbin/in.telnetd
./fix /usr/sbin/in.telnetd ./telnetd telnetd.bak
chmod +w /usr/sbin/in.telnetd
whoami
-----------------chop-with-axe----------------chop-with-axe---------------------
See that "./fix" up there... it will "fix" the sum of ./telnetd to
be exactly the same as that of /usr/sbin/in.telnetd and write results
to telnetd.bak
Do an altavista search for "fix.c" and the source is up there.
Stop even thinking it useful and you will be much happier down
the road. See md5-based checksums..
Cheers,
Filip G.
P.S. return e-mail BAD. Please use filipg@corona.eps.pitt.edu
--
Filip "I'll buy a vowel" Gieszczykiewicz | http://www.repairfaq.org/
I am the river itself and the leaf floating its currents.
I am steering. I am swept. I am.
------------------------------
Date: Wed, 22 Sep 1999 08:24:33 -0500
From: "Dean A. Henkel" <henkel@us.ibm.com>
To: Michael Stevens <mstevens@ashre.demon.co.uk>
Subject: Re: Redirect STDERR
Message-Id: <37E8D891.DF7CC477@us.ibm.com>
Thanks Mike and all who replied.
Your example seems to work just fine for what I need. This board is excellent!
Dean
Michael Stevens wrote:
> On Tue, 21 Sep 1999 10:49:39 -0700, Samay <samay1NOphSPAM@hotmail.com> wrote:
> >open STDERR,">errofile";
> >your code
>
> It gets more interesting if you want STDERR back later.
> And do you really want to leave random files called 'errofile' lying
> about all over this guy's hard drive?
>
> I'd recommend something like:
>
> # hide stderr
> open SAVEERR, ">&STDERR";
> open STDERR, ">/dev/null";
>
> # some stuff which wants stderr hidden
>
> # bring stderr back
> open STDERR, "&SAVEERR";
>
> I haven't tested the above.
> Which is quickly modified from page 193 of my copy of the camel book.
> What's a safe equivalent of /dev/null that's portable to win32 and
> UNIX, if any?
------------------------------
Date: Wed, 22 Sep 1999 17:29:04 +0200
From: "E.G. van Haandel" <newsgrouppost@smartmedia.nl>
Subject: Remove %20
Message-Id: <7sasj5$cr7$1@enterprise.cistron.net>
Hello,
When I try to send a variable (with a space) to a perl-script, the space is
changed to %20. How can I remove the %20 from the variable?
Thanx,
Emiel.
------------------------------
Date: Wed, 22 Sep 1999 17:58:13 +0200
From: "Trond Michelsen" <mike@crusaders.no>
Subject: Re: Remove %20
Message-Id: <M07G3.202$OH6.1826@news1.online.no>
E.G. van Haandel <newsgrouppost@smartmedia.nl> wrote in message
news:7sasj5$cr7$1@enterprise.cistron.net...
> When I try to send a variable (with a space) to a perl-script, the
space is
> changed to %20. How can I remove the %20 from the variable?
#!/path/to/perl -w
use strict;
use CGI;
$q = new CGI;
$var = $q->param('varname');
--
Trond Michelsen
------------------------------
Date: Wed, 22 Sep 1999 08:06:56 -0500
From: quinn coldiron <qcoldiro@thetoolhouse.com>
Subject: Re: stripping newlines out of a string
Message-Id: <37E8D470.25C8CE6C@thetoolhouse.com>
Thanks all. I was using s/[\012]// which I got out of my Perl 5 HOWTO
book, but it only got the first \n, then stopped. I changed it to
s/[\012]//g and now it gets all of them.
I'm not the best with reg expresions, so all you input helped.
Thanks,
Quinn
------------------------------
Date: Wed, 22 Sep 1999 08:19:35 -0700
From: lr@hpl.hp.com (Larry Rosler)
Subject: Re: stripping newlines out of a string
Message-Id: <MPG.1252934f1709f8aa989fbc@nntp.hpl.hp.com>
[Posted and a courtesy copy sent.]
In article <37E8D470.25C8CE6C@thetoolhouse.com> on Wed, 22 Sep 1999
08:06:56 -0500, quinn coldiron <qcoldiro@thetoolhouse.com> says...
> Thanks all. I was using s/[\012]// which I got out of my Perl 5 HOWTO
> book, but it only got the first \n, then stopped. I changed it to
> s/[\012]//g and now it gets all of them.
I'm glad our responses helped you. But none of them suggested using an
abomination like "[\012]" instead of "\n".
I'm not sure exactly which book you are using, but I would ditch it
instantly, in favor of 'Learning Perl' or its sibling for Win32.
--
(Just Another Larry) Rosler
Hewlett-Packard Laboratories
http://www.hpl.hp.com/personal/Larry_Rosler/
lr@hpl.hp.com
------------------------------
Date: Wed, 22 Sep 1999 13:07:46 GMT
From: kragen@dnaco.net (Kragen Sitaker)
Subject: Re: threads and win32
Message-Id: <Cw4G3.3154$QJ.173920@typ11.nn.bcandid.com>
In article <03676caf.74a6b66e@usw-ex0102-012.remarq.com>,
chusqui <jesus.escribanoNOheSPAM@telefonica.es> wrote:
>Which packages should I install?
>And last:
>It is a good idea spend time in learn a lot about threads?
Not if you can help it. Getting multithreaded programs to work
reliably is much harder than getting single-threaded programs to work
reliably.
Sometimes you need threads, though.
>or is better
>to know deptly other features similars?
To know deeply other similar features? Like fork()? Hmm, that doesn't
work yet in Win32. I don't know if you have any other option.
>***¿Alguien habla español aquí?****
No, mi español es muy malo. Su ingles es mejor.
--
<kragen@pobox.com> Kragen Sitaker <http://www.pobox.com/~kragen/>
Wed Sep 22 1999
47 days until the Internet stock bubble bursts on Monday, 1999-11-08.
<URL:http://www.pobox.com/~kragen/bubble.html>
------------------------------
Date: Wed, 22 Sep 1999 08:57:11 -0500
From: Cameron Dorey <camerond@mail.uca.edu>
Subject: Re: threads and win32
Message-Id: <37E8E037.42439EEE@mail.uca.edu>
chusqui wrote:
>
> I have a question, sorry if this is off-topic.
> How I can use threads in win32 ?(with PERL of course)
> My system has now:
> +W95
> +Activestate 519
With the system you have, you can't. You can "roll your own" using a C
compiler and the source code, but I don't think that's what you want to
do here, especially seeing that you're using Win95.
>
> Which packages should I install?
> And last:
> It is a good idea spend time in learn a lot about threads?
Apparently not.
> or is better
> to know deptly other features similars?
IMHO, it would be better to go more deeply into your proposed program
architecture and see if you really need threads or similar features.
Chances are, you can do without (since Perl [note the use of both upper
and lower case here] has not had threads until the latest release [and
they are still termed experimental] and programmers can still do a lot
without them).
Cameron
--
Cameron Dorey
Associate Professor of Chemistry
University of Central Arkansas
Phone: 501-450-5938
camerond@mail.uca.edu
------------------------------
Date: Wed, 22 Sep 1999 13:36:45 GMT
From: haylockj@my-deja.com
Subject: Totally off topic, ignore
Message-Id: <7sam1c$80i$1@nnrp1.deja.com>
>uri> because i don't type them on the fly each time!
>>ltl> I provided you with the perfect setup
>>ltl> ... you missed the perfect setup?
>>ltl> ... was a bit miffed that nobody bit on that one.
>uri> because i don't want to swing at every pitch!
Uri,
Might ask ltl does he 'ping' at every 'switch'?
= Jonathan Haylock =
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
Date: Wed, 22 Sep 1999 15:34:09 GMT
From: p.scott@shu.ac.uk
Subject: Win32::ODBC.pm hangs CGI.pm under Apache
Message-Id: <7sasth$dja$1@nnrp1.deja.com>
I am using ODBC to hold data which is displayed on a website. I get
this message with the -w flag:
Use of uninitialized value at C:/Perl/site/lib/Win32/ODBC.pm line 258.
and also for lines 257 and 258. If my database has enough rows the
error messages cause a perl.exe to run forever. Without the -w flag
everything works.
I am new to perl; am I missing something?
thanks
Peter (p.scott@shu.ac.uk)
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
Date: Wed, 22 Sep 1999 11:56:15 -0400
From: James W Corpening <jwc@acsu.buffalo.edu>
To: abigail@delanet.com
Subject: You should be admired
Message-Id: <37E8FC1F.D130A86F@acsu.buffalo.edu>
Abigail wrote:
> `` I've searched the FAQs, perl.com, and other places, but I haven't found
> `` a hint as to how to make a hyperlink work as a submit button. Is it
> `` possible (I sorta remember seeing instructions, somewhere)? If so, how?
>
> What makes you think perl.com would have any information about that?
> Did you go to www.eiffel.com as well? Or to www.python.org? And what
> FAQs did you read? There are hundreds of them on rtfm.mit.edu.
Ya know, some of you illiterates are real idiots. I write in perl, and I use submit
buttons in my html portions, as probably many of you do. Consequently, I thought to
rely on the perl group (the MISC group) to help me. I appreciate the answers I
received among the righteous scoldings, but lighten up, kick your dog, or find some
other catharsis for your anger. The next time you ask your buddy what he thinks of
the Dallas Cowboys, unless he plays for them, call yourself a hypocrite.
-jc
------------------------------
Date: 16 Sep 99 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 16 Sep 99)
Message-Id: <null>
Administrivia:
The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc. For subscription or unsubscription requests, send
the single line:
subscribe perl-users
or:
unsubscribe perl-users
to almanac@ruby.oce.orst.edu.
| NOTE: The mail to news gateway, and thus the ability to submit articles
| through this service to the newsgroup, has been removed. I do not have
| time to individually vet each article to make sure that someone isn't
| abusing the service, and I no longer have any desire to waste my time
| dealing with the campus admins when some fool complains to them about an
| article that has come through the gateway instead of complaining
| to the source.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.
For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V9 Issue 876
*************************************
