[16022] in Perl-Users-Digest
Perl-Users Digest, Issue: 3434 Volume: 9
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Tue Jun 20 18:15:44 2000
Date: Tue, 20 Jun 2000 15:15:29 -0700 (PDT)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Message-Id: <961539328-v9-i3434@ruby.oce.orst.edu>
Content-Type: text
Perl-Users Digest Tue, 20 Jun 2000 Volume: 9 Number: 3434
Today's topics:
Running another script <r.meEEEtcalfNOSPAM@exXXX.acCCC.ukKKK>
Re: Running another script <care227@attglobal.net>
Re: Running another script <r.meEEEtcalfNOSPAM@exXXX.acCCC.ukKKK>
Re: Running another script <care227@attglobal.net>
Re: Running another script <Jonathan.L.Ericson@jpl.nasa.gov>
Re: socket help (Steve Leibel)
Re: Suggestions for returning a range of values (Tim)
Re: Translating from a code reference back to a functio <dan@tuatha.sidhe.org>
Re: Viewing Multipart/Mixed messages <rvadlapa@cisco.com>
Re: Viewing Multipart/Mixed messages <rvadlapa@cisco.com>
Re: What's the difference between a hash and an array? (David Bell)
Digest Administrivia (Last modified: 16 Sep 99) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: Tue, 20 Jun 2000 19:12:58 +0100
From: "Robert Metcalf" <r.meEEEtcalfNOSPAM@exXXX.acCCC.ukKKK>
Subject: Running another script
Message-Id: <8ioc39$ede8$1@athena.ex.ac.uk>
Hi,
I've searched Perl Docs to no avail, but I rekon I was looking in the wrong
place.
I want to write a security script that checks input is ok then it runs the
script passing all it's parameters expect one. It's output is the output
from the scrpit unless there is and error. Here's a frame work:
#!/usr/bin/perl
use CGI qw(param);
$RJM_script = param("script");
$Output_Buffer = "";
if (CheckInput eq "YES") {
$Output_Buffer = RunScript($RJM_script) #<- How do I run the script
with all the
#params this one
#recieved apart from the script tag
print $Output_Buffer;
} else {
###code to pring error page
};
die;
##subs now
sub CheckInput {
$INPUTOK="YES";
#code to check input
#how do I recurse through all the parameters?
return $INPUTOK
};
Thanks
Rob
--
----------------------------------------------------------
REMOVE all capital letters to email me
FYI: If the subject of the message is:
Newbie Question
Please help me
or anything else not conatining the topic of the message, I tend to skip the
post.
------------------------------
Date: Tue, 20 Jun 2000 14:14:55 -0400
From: Drew Simonis <care227@attglobal.net>
Subject: Re: Running another script
Message-Id: <394FB49F.18BA2441@attglobal.net>
Robert Metcalf wrote:
>
> I want to write a security script that checks input is ok then it runs the
> script passing all it's parameters expect one. It's output is the output
> from the scrpit unless there is and error. Here's a frame work:
Why are you breaking this into 2 scripts? You could do the
checks in a subroutine, and if they pass, resume execution.
Failure would cause either a re-prompt for info or you could
cause the script to die().
I know this isn't answering your specific question, but I just
have to think the methodology is flawed. If you use the security
checking portion alot, make it into a module. Or use an existing
module like CGI-ArgChecker.
------------------------------
Date: Tue, 20 Jun 2000 20:34:46 +0100
From: "Robert Metcalf" <r.meEEEtcalfNOSPAM@exXXX.acCCC.ukKKK>
Subject: Re: Running another script
Message-Id: <8iogsl$evqn$1@athena.ex.ac.uk>
> Why are you breaking this into 2 scripts? You could do the
> checks in a subroutine, and if they pass, resume execution.
> Failure would cause either a re-prompt for info or you could
> cause the script to die().
Your right, this method is probally just me being a dumb arse.
I just want to write the security stuff once throughout my system.
So the next question is how?
I don't know how to create a module, but is there an include statment like
the one in Power Basic that simply copies the specified text file to replace
the statment before it runs the entire code?
> I know this isn't answering your specific question, but I just
> have to think the methodology is flawed
Possible, infact very proballe but I have joined a team who maintain a web
server with lots of web sites. Due to political reasons, users can't add
their own scripts the reason given being security. If I write a security
script with permisisons to run, that takes a script without permissions to
run, runs it and forwards an output it may result in the ppl in charge
allowing users to write their own perl scripts, running them via my security
script.
Anyway, I would like to find out what is possible either way, so your help
is apreacated.
Cheers
Rob
----------------------------------------------------------
REMOVE all capital letters to email me
FYI: If the subject of the message is:
Newbie Question
Please help me
or anything else not conatining the topic of the message, I tend to skip the
post.
------------------------------
Date: Tue, 20 Jun 2000 16:04:34 -0400
From: Drew Simonis <care227@attglobal.net>
Subject: Re: Running another script
Message-Id: <394FCE52.BE09A6B2@attglobal.net>
Robert Metcalf wrote:
> > I know this isn't answering your specific question, but I just
> > have to think the methodology is flawed
> Possible, infact very proballe but I have joined a team who maintain a web
> server with lots of web sites. Due to political reasons, users can't add
> their own scripts the reason given being security. If I write a security
> script with permisisons to run, that takes a script without permissions to
> run, runs it and forwards an output it may result in the ppl in charge
> allowing users to write their own perl scripts, running them via my security
> script.
I'm not the one who is going to be able to teach module writing,
I've never done it either. I know there are examples on the web
and maybe in the Perl documentation, etc. In essence, all a module
is is a bit of code that you want to re-use easily. Like CGI.pm, eh?
Depending on what you are checking, CGI-ArgChecker is a good choice.
It can check all sorts of user input for all sorts of flaws. Now
if you want to check the actual source code for possible security
holes, it isn't up to that task. I personally can't think of any
module that already exists that will check syntax for security
errors. Maybe you can get your name on CPAN! =)
>
> Anyway, I would like to find out what is possible either way, so your help
> is apreacated.
You might also want to look at a C wrapper for the Perl code, as this
is another way to enhance security. A quick scan through the archives
on Deja for comp.infosystems.www.authoring.cgi should yield a bounty of
examples.
------------------------------
Date: Tue, 20 Jun 2000 13:36:51 -0700
From: Jon Ericson <Jonathan.L.Ericson@jpl.nasa.gov>
Subject: Re: Running another script
Message-Id: <394FD5E3.9DBDB6C8@jpl.nasa.gov>
Robert Metcalf wrote:
> #!/usr/bin/perl
You really should use strict mode, warnings and (since this is a CGI
script) taint checking.
> use CGI qw(param);
Good, you are using the CGI module.
> $RJM_script = param("script");
Style note: Some people prefer to use single quotes (') for simple
strings to emphasize the lack of variable interpolation.
> $Output_Buffer = "";
This is not needed since you set it again without using this value.
> if (CheckInput eq "YES") {
It would be better to have CheckInput return a true or false value
directly. That way you could get rid of the eq "YES" bit.
> $Output_Buffer = RunScript($RJM_script) #<- How do I run the script
> with all the
> #params this one
>
> #recieved apart from the script tag
If you are planning on running user supplied scripts, you really need to
know what you are doing. Please read perlsec immediately. Besides
teaching you about taint checking, it shows you a couple of ways of
running external programs.
> print $Output_Buffer;
> } else {
> ###code to pring error page
> };
>
> die;
Why do you die here? Perl 'Does the Right Thing' when it runs out of
commands to process.
> ##subs now
> sub CheckInput {
> $INPUTOK="YES";
> #code to check input
> #how do I recurse through all the parameters?
param called without an argument will give you the parameter list. See
perldoc CGI.
> return $INPUTOK
> };
Jon
--
Knowledge is that which remains when what is
learned is forgotten. - Mr. King
------------------------------
Date: Tue, 20 Jun 2000 13:28:59 -0700
From: stevel@coastside.net (Steve Leibel)
Subject: Re: socket help
Message-Id: <stevel-2006001329270001@192.168.100.2>
In article <394F6CAB.E5DA4E76@chipotle.org>, blogan@adnc.com wrote:
> I would like a client written in PERL to communicate via sockets to a
> server written in C. I have two pairs of client/server programs, one
> in C and one in PERL. The PERL cleint/server can talk to each other as
> can the C client/server. But, the PERL client cannot establish a socket
> with the C server, nor can the c client talk to the PERL server.
I didn't look at your code but Perl and C clients/servers interoperate
perfectly in general.
One suggestion I'd make on the Perl side would be to use recv() or
sysread() instead of <SOCKET>, and send() or syswrite() instead of
'print'. You are probably getting tangled up with the newlines that Perl
is automagically handling for you when you use angle brackets and print
for reading and writing sockets.
Steve L
------------------------------
Date: Tue, 20 Jun 2000 21:23:08 GMT
From: SPAM+tcuffel@exactis.com (Tim)
Subject: Re: Suggestions for returning a range of values
Message-Id: <8F599980Btcuffel@166.93.207.145>
chadbour@wwa.com (James Weisberg) wrote in <DVN35.6389$HD6.197781@iad-
read.news.verio.net>:
>Hello,
>
> I was wondering if someone could offer up any suggestions on how I
>might implement the following in Perl. I have a script which digs through
>a set of databases whose filenames are given by date in the form MMDDYYYY.
>The syntax for calling this script is pretty simple. It looks like:
>
> $ fetch object1,object2... MMDDYYYY,MMDDYYYY,...
>
> where both objects and dates specify the arguments for the set of
>records and dates that need to be fetched out of the databases. I would
>like to augment the syntax to support a range of dates as well:
>
> $ fetch object1,object2... 05012000-05072000,06012000-06072000
>
> would, for example, fetch records for the first week in May 2000 and
>the first week in June 2000. What I would like is a function which splits
>that argument above and creates an array with an element for each unique
>date. In this case there would be 14 date elements in the array for the
>two-week period given.
> The code to generate the date sequences will get a bit tricky for
>crossing month/year boundaries, like 12151999-01152000, but that is
>something I can handle myself. As a simpler case, perhaps a function
>which parses a line like "1-7,14-21" and then creates an array with
>those numbers in the range would be a start.
>
> Can anyone offer suggestions on how I might procede? Some of this
>is straightforward but its gets a bit more tricky for dates instead of
>numbers. The goal is to then be able to loop over all specific dates
>so that I can then pull out those records in the MMDDYYYY databases.
One approach is to use Julian dates. Create a couple routine to
convert from your format to days since some epoch, 1/1/1990, 1/1/1980,
anything suitably old. Then it is pretty simple:
# Warning - untested code fragment
my @dates;
for (split /,/, $date_string)
{
my ($start, $end) = split /-/;
$end ||= $start;
push @dates,
map { from_julian($_) } to_juilan($start) .. to_julian($end);
}
-T
------------------------------
Date: Tue, 20 Jun 2000 18:20:45 GMT
From: Dan Sugalski <dan@tuatha.sidhe.org>
Subject: Re: Translating from a code reference back to a function name
Message-Id: <1CO35.5119$Zg4.20835@news1.rdc1.ct.home.com>
aml <andrew.mclaren@swx.ch> wrote:
> We are porting some Perl logic from Unix to VMS. One of the modules
> supports the creation of arbitrary user specific daemon processes
> (typically used for transparently holding DB connections open for
> command based applications). This works by allowing the calling logic
> to declare arbitrary message handlers, then transparently forking a
> copy of itself when required to act as the daemon. Of course, on Unix
> the forked copy retains all the information on the handler routines (as
> code references) and how to activate them.
I think you're going to find this doesn't work too well. You're trying to
do what fork does without having fork available. You might want to look
into using a threaded model instead, though that has issues as well.
Alternately either getting the fake fork in 5.6.0 working on VMS
(shouldn't be that tough) or waiting until a version of VMS with fork
support (probably 7.3) comes out is an option, though there are delays
involved there, of course.
> I hadn't considered the issues of anonomous handlers, which would
> definitely work in the Unix case, but would not port to VMS.
These are probably pretty common (it's what I'd be tempted to do) along
with global variable usage and pre-initialized data and stuff. You'd
almost want to snag the coderef and dump it and all its visible lexical
data to the subprocess, which you can't really do at the moment.
Dan
------------------------------
Date: Tue, 20 Jun 2000 12:05:12 -0700
From: Ramesh Vadlapatla <rvadlapa@cisco.com>
Subject: Re: Viewing Multipart/Mixed messages
Message-Id: <394FC068.43CEFF2B@cisco.com>
To be more precise, how would I implement a web based mail viewer like how
hotmail, excite...etc provide using Perl. I am only looking at viewing the
message and not trying to implement any more features of a mail client.
I am not concerned with getting mail from the POP server.
The assumption is that I already have a mail message, which I then want to
display on a browser in a readable format. This mail might consist of a
multipart format.
What RFC's should I be looking at and are there any modules that do
something like this?
Thanks,
Ramesh
Tom Phoenix wrote:
> On Mon, 19 Jun 2000, Ramesh Vadlapatla wrote:
>
> > Let's say I have a multipart/mixed message that contains:
> > Content-Type: TEXT/PLAIN; charset=US-ASCII
> > and
> > Content-Type: APPLICATION/octet-stream; name="test.JPG"
> >
> > How would I display this file(message) in a browser and display both
> > Text as well as the jpg?
>
> Are you writing a browser in Perl? That's probably a poor choice.
>
> > I have the ability to pass it through a script(perl) before I display
> > it on the browser.
>
> > So what header information should I pass?
>
> What Perl problem are you trying to solve here? Are you trying to write a
> program which will tell a browser to do something? Perhaps you should
> search for the docs, FAQs, and newsgroups about browsers and how to talk
> to them.
>
> > Any pointers(modules) to implement this would be helpful.
>
> I often recommend strict.pm. :-) But if you want more modules, search
> CPAN.
>
> http://search.cpan.org/
>
> Cheers!
>
> --
> Tom Phoenix Perl Training and Hacking Esperanto
> Randal Schwartz Case: http://www.rahul.net/jeffrey/ovs/
------------------------------
Date: Tue, 20 Jun 2000 12:06:20 -0700
From: Ramesh Vadlapatla <rvadlapa@cisco.com>
Subject: Re: Viewing Multipart/Mixed messages
Message-Id: <394FC0AC.108AA35B@cisco.com>
To be more precise, how would I implement a web based mail viewer like how
hotmail, excite...etc provide using Perl. I am only looking at viewing the
message and not trying to implement any more features of a mail client.
I am not concerned with getting mail from the POP server.
The assumption is that I already have a mail message, which I then want to
display on a browser in a readable format. This mail might consist of a
multipart format.
What RFC's should I be looking at and are there any modules that do
something like this?
Thanks,
Ramesh
Tom Phoenix wrote:
> On Mon, 19 Jun 2000, Ramesh Vadlapatla wrote:
>
> > Let's say I have a multipart/mixed message that contains:
> > Content-Type: TEXT/PLAIN; charset=US-ASCII
> > and
> > Content-Type: APPLICATION/octet-stream; name="test.JPG"
> >
> > How would I display this file(message) in a browser and display both
> > Text as well as the jpg?
>
> Are you writing a browser in Perl? That's probably a poor choice.
>
> > I have the ability to pass it through a script(perl) before I display
> > it on the browser.
>
> > So what header information should I pass?
>
> What Perl problem are you trying to solve here? Are you trying to write a
> program which will tell a browser to do something? Perhaps you should
> search for the docs, FAQs, and newsgroups about browsers and how to talk
> to them.
>
> > Any pointers(modules) to implement this would be helpful.
>
> I often recommend strict.pm. :-) But if you want more modules, search
> CPAN.
>
> http://search.cpan.org/
>
> Cheers!
>
> --
> Tom Phoenix Perl Training and Hacking Esperanto
> Randal Schwartz Case: http://www.rahul.net/jeffrey/ovs/
------------------------------
Date: 20 Jun 2000 21:09:17 GMT
From: db7654321@aol.comspamsux (David Bell)
Subject: Re: What's the difference between a hash and an array?
Message-Id: <20000620170917.06659.00002666@ng-fx1.aol.com>
>The usual way is to use a mutex; check CPAN to see if there are modules
>for dealing with them. If not, you can construct one using a shared file.
OK, the only module I could find looked like it was for Windows. I looked
through perldoc, and couldn't find any info about creating a shared file...
What is it? *Total perl newbie* Thanks
-------------------------
David Bell - Otherwise known as DB7654321
Remember to remove nospam, notrash or anything odd looking from my email
address. :)
------------------------------
Date: 16 Sep 99 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 16 Sep 99)
Message-Id: <null>
Administrivia:
The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc. For subscription or unsubscription requests, send
the single line:
subscribe perl-users
or:
unsubscribe perl-users
to almanac@ruby.oce.orst.edu.
| NOTE: The mail to news gateway, and thus the ability to submit articles
| through this service to the newsgroup, has been removed. I do not have
| time to individually vet each article to make sure that someone isn't
| abusing the service, and I no longer have any desire to waste my time
| dealing with the campus admins when some fool complains to them about an
| article that has come through the gateway instead of complaining
| to the source.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.
For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V9 Issue 3434
**************************************
