[16195] in Perl-Users-Digest
Perl-Users Digest, Issue: 3607 Volume: 9
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Mon Jul 10 19:54:31 2000
Date: Mon, 10 Jul 2000 16:54:08 -0700 (PDT)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Message-Id: <963273248-v9-i3607@ruby.oce.orst.edu>
Content-Type: text
Perl-Users Digest Mon, 10 Jul 2000 Volume: 9 Number: 3607
Today's topics:
Re: The BackSpace character ("\b") - bug? <TheEx0rcist@fanclub.org>
Re: The BackSpace character ("\b") - bug? (John Harden Borwick)
Re: The BackSpace character ("\b") - bug? (Keith Calvert Ivey)
Re: The BackSpace character ("\b") - bug? <tina@streetmail.com>
Re: The BackSpace character ("\b") - bug? (brian d foy)
Re: The BackSpace character ("\b") - bug? (Tad McClellan)
Re: The BackSpace character ("\b") - bug? <uri@sysarch.com>
Re: The BackSpace character ("\b") - bug? (Abigail)
Re: The BackSpace character ("\b") - bug? (Abigail)
Re: The BackSpace character ("\b") - bug? <gellyfish@gellyfish.com>
Re: The BackSpace character ("\b") - bug? (Bart Lateur)
Re: The BackSpace character ("\b") - bug? (Keith Calvert Ivey)
Re: The BackSpace character ("\b") - bug? (Bart Lateur)
Re: The BackSpace character ("\b") - bug? (Abigail)
Re: The BackSpace character ("\b") - bug? (Kevin Reid)
Re: The BackSpace character ("\b") - bug? (Csaba Raduly)
Re: this annoying carriage return (David Efflandt)
Timeout Probleme with Apache on Windows NT 4 <prade@espace-formation.com>
Re: Timeout Probleme with Apache on Windows NT 4 <care227@attglobal.net>
tmp files and security (Robert C. Helling)
Re: tmp files and security (Malcolm Dew-Jones)
Re: tmp files and security <gellyfish@gellyfish.com>
Digest Administrivia (Last modified: 16 Sep 99) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: Mon, 3 Jul 2000 17:10:00 +0200
From: "TheEx0rcist" <TheEx0rcist@fanclub.org>
Subject: Re: The BackSpace character ("\b") - bug?
Message-Id: <8jqabs$ka9$1@news5.isdnet.net>
> *slightly shocked* It's a question I can answer!
Hehe thanks a lot for the answer, I just thought the backspace character was
the same as the backspace key on my keyboard !! :-)
But is there an escaped character that behaves the same as my backspace key?
It is very cumbersome to use the substr() or chomp() functions when all you
want to do is just remove the last character in the output.
It is better to write something like :
$string = 'apples';
print "My $string\b is delicious";
Than to write :
$string2 = chop($string = 'apples');
print "My $string2 is tasteless";
... if you get the point :-)
If this is impossible to do with the current version of Perl, I think this
would be a nice implementation for future versions :)
--
TheEx0rcist
------------------------------
Date: 3 Jul 2000 19:42:20 GMT
From: jhborwic@unity.ncsu.edu (John Harden Borwick)
Subject: Re: The BackSpace character ("\b") - bug?
Message-Id: <8jqqas$4r5$1@uni00nw.unity.ncsu.edu>
In article <8jqabs$ka9$1@news5.isdnet.net>,
TheEx0rcist <TheEx0rcist@fanclub.org> wrote:
>It is very cumbersome to use the substr() or chomp() functions when all you
>want to do is just remove the last character in the output.
>It is better to write something like :
>$string = 'apples';
>print "My $string\b is delicious";
>Than to write :
>$string2 = chop($string = 'apples');
>print "My $string2 is tasteless";
Your second code fragment is wrong. chop returns the last character chopped
and alters $string itself; your code prints "My s is tasteless".
If I were in your situation, I might write a function and call this function
inside my interpolated string. For the above example;
#!/usr/bin/perl -w
use strict;
sub strip_char
{
my $s = shift;
chop $s;
$s
}
my $string = 'apples';
print "My ${\strip_char($string)} is tasteless";
__END__
--
John Borwick
------------------------------
Date: Tue, 04 Jul 2000 00:27:48 GMT
From: kcivey@cpcug.org (Keith Calvert Ivey)
Subject: Re: The BackSpace character ("\b") - bug?
Message-Id: <39612cb0.1375354@nntp.idsonline.com>
"TheEx0rcist" <TheEx0rcist@fanclub.org> wrote:
>It is better to write something like :
>$string = 'apples';
>print "My $string\b is delicious";
>
>Than to write :
>$string2 = chop($string = 'apples');
>print "My $string2 is tasteless";
>
>... if you get the point :-)
>
>If this is impossible to do with the current version of Perl, I think this
>would be a nice implementation for future versions :)
This has nothing to do with Perl. All Perl is doing is
constructing a string, and adding "\x08" (or chr(8) or ctrl-H or
whatever you want to call it) when you tell it to add "\b".
What the string looks like when you print it on your screen
depends on the software and hardware that's displaying
characters on your screen.
Why do you find yourself doing things like the above so often?
I rarely have to remove the last character of a string except
when it's a newline or something I've read from a file, and then
I just use chomp (not chop). In your example, why not do
something like this?
my $s = $apples == 1 ? '' : 's';
my $are = $apples == 1 ? 'is' : 'are;
print "My apple$s $are tasteless.";
Also, your code above doesn't work. The chop function modifies
its argument, so you want
chop $string;
print "My $string is tasteless.";
--
Keith C. Ivey <kcivey@cpcug.org>
Washington, DC
-----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
-----== Over 80,000 Newsgroups - 16 Different Servers! =-----
------------------------------
Date: 4 Jul 2000 02:19:01 GMT
From: Tina Mueller <tina@streetmail.com>
Subject: Re: The BackSpace character ("\b") - bug?
Message-Id: <8jrhik$15knk$5@ID-24002.news.cis.dfn.de>
hi,
Keith Calvert Ivey <kcivey@cpcug.org> wrote:
> "TheEx0rcist" <TheEx0rcist@fanclub.org> wrote:
>>$string = 'apples';
>>print "My $string\b is delicious";
>>
>>Than to write :
>>$string2 = chop($string = 'apples');
>>print "My $string2 is tasteless";
>>
> [...]
> I just use chomp (not chop). In your example, why not do
> something like this?
> my $s = $apples == 1 ? '' : 's';
> my $are = $apples == 1 ? 'is' : 'are;
> print "My apple$s $are tasteless.";
well, for that the following would be enough:
printf "My apple%s %s tasteless.",$apples==1?'':'s',$apples==1?'is':'are';
tina
--
http://tinita.de \ enter__| |__the___ _ _ ___
tina's moviedatabase \ / _` / _ \/ _ \ '_(_-< of
search & add comments \ \ _,_\ __/\ __/_| /__/ perception
"The Software required Win98 or better, so I installed Linux."
------------------------------
Date: Mon, 03 Jul 2000 23:08:22 -0400
From: brian@smithrenaud.com (brian d foy)
Subject: Re: The BackSpace character ("\b") - bug?
Message-Id: <brian-ya02408000R0307002308220001@news.panix.com>
In article <8jrhik$15knk$5@ID-24002.news.cis.dfn.de>, news@tinita.de posted:
> well, for that the following would be enough:
> printf "My apple%s %s tasteless.",$apples==1?'':'s',$apples==1?'is':'are';
still too complicated :)
printf "My apple%s %s tasteless", $apples == 1 ? ('', 'is') : ('s', 'are');
--
brian d foy
CGI Meta FAQ <URL:http://www.smithrenaud.com/public/CGI_MetaFAQ.html>
Perl Mongers <URL:http://www.perl.org/>
------------------------------
Date: Mon, 3 Jul 2000 22:09:05 -0400
From: tadmc@metronet.com (Tad McClellan)
Subject: Re: The BackSpace character ("\b") - bug?
Message-Id: <slrn8m2hq1.d5u.tadmc@magna.metronet.com>
On Mon, 3 Jul 2000 17:10:00 +0200, TheEx0rcist <TheEx0rcist@fanclub.org> wrote:
>
>It is very cumbersome to use the substr() or chomp() functions when all you
>want to do is just remove the last character in the output.
^^^^^^^ ^^^^^^ ^^^^^^^^^^^^^^
But using a backspace does not do what you just said
you want to do!
It does not remove a character at all.
It overwrites it (maybe).
>I think this
>would be a nice implementation for future versions :)
Let us know when you have the patch ready.
--
Tad McClellan SGML Consulting
tadmc@metronet.com Perl programming
Fort Worth, Texas
------------------------------
Date: Tue, 04 Jul 2000 03:39:02 GMT
From: Uri Guttman <uri@sysarch.com>
Subject: Re: The BackSpace character ("\b") - bug?
Message-Id: <x7sntqr2cs.fsf@home.sysarch.com>
>>>>> "bdf" == brian d foy <brian@smithrenaud.com> writes:
bdf> In article <8jrhik$15knk$5@ID-24002.news.cis.dfn.de>,
bdf> news@tinita.de posted:
>> printf "My apple%s %s >> tasteless.",$apples==1?'':'s',$apples==1?'is':'are';
bdf> still too complicated :)
bdf> printf "My apple%s %s tasteless", $apples == 1 ? ('', 'is') : ('s', 'are');
golf anyone?
(there are many reductions i see but i can't fit them in the margins)
printf 'My apple%s tasteless', $apples == 1 ? ' is' : 's are' ;
note: there is no need for double quotes in the format string.
uri
--
Uri Guttman --------- uri@sysarch.com ---------- http://www.sysarch.com
SYStems ARCHitecture, Software Engineering, Perl, Internet, UNIX Consulting
The Perl Books Page ----------- http://www.sysarch.com/cgi-bin/perl_books
The Best Search Engine on the Net ---------- http://www.northernlight.com
------------------------------
Date: 04 Jul 2000 02:46:50 EDT
From: abigail@delanet.com (Abigail)
Subject: Re: The BackSpace character ("\b") - bug?
Message-Id: <slrn8m334h.59a.abigail@alexandra.delanet.com>
TheEx0rcist (TheEx0rcist@fanclub.org) wrote on MMCDXCVIII September
MCMXCIII in <URL:news:8jq819$q16$1@news4.isdnet.net>:
^^ When I do : ' print "helloworld\b" ', it doesn't print "helloworl"
^^ But when I do : ' print "helloworl\bd" ', it does print "helloword" ' as
^^ expected.
^^
^^ This becomes annoying when it comes to more complex things like ' print
^^ "$a\b\b$b + 3 $c\b$d\b" ' etc...
^^
^^ Is there any reason why Perl should behave differently whever it is the last
^^ character that is "chopped" or a character in the middle of the string?
^^
^^ Thanks in advance for your help !
How it is displayed has nothing to do with Perl, but everything with
your output device.
Assuming you are watching this using a terminal with an addressable
cursor, and your terminal driver does the logical thing with backspace,
this is what happens.
The first print sends the characters "h", "e", "l", "l", "o", "w",
"o", "r", "l", "d", "BACKSPACE" to output, and that is directored to
your terminal driver. The driver makes the terminal print an "h",
advances the cursor, print an "e", advance the cursor, print an "l",
etc, till it advances the cursor, prints a "d", advances the cursor
AND THEN BACKS UP THE CURSOR. Hence, the cursor is back on the "d".
However, it's just a backspace. Backspace does not delete a character.
In the second print, it goes all the way the same. Then the "l" is printed,
the cursor advanced, then backspaced. And now the "d" is printed. But
that's printed at the same position the "l" is in, and hence, the "d"
replaces the "l".
So, the first print shows "helloworld", as there's nothing that will
replace the "d", and the second print shows "helloword", as the "d"
replaced the "l".
Abigail
--
tie $" => A; $, = " "; $\ = "\n"; @a = ("") x 2; print map {"@a"} 1 .. 4;
sub A::TIESCALAR {bless \my $A => A} # Yet Another silly JAPH by Abigail
sub A::FETCH {@q = qw /Just Another Perl Hacker/ unless @q; shift @q}
------------------------------
Date: 04 Jul 2000 03:07:22 EDT
From: abigail@delanet.com (Abigail)
Subject: Re: The BackSpace character ("\b") - bug?
Message-Id: <slrn8m34b0.59a.abigail@alexandra.delanet.com>
Uri Guttman (uri@sysarch.com) wrote on MMCDXCIX September MCMXCIII in
<URL:news:x7sntqr2cs.fsf@home.sysarch.com>:
[] >>>>> "bdf" == brian d foy <brian@smithrenaud.com> writes:
[]
[] bdf> In article <8jrhik$15knk$5@ID-24002.news.cis.dfn.de>,
[] bdf> news@tinita.de posted:
[]
[] >> printf "My apple%s %s >> tasteless.",$apples==1?'':'s',$apples==1?'is':'
[]
[] bdf> still too complicated :)
[]
[] bdf> printf "My apple%s %s tasteless", $apples == 1 ? ('', 'is') : ('s', 'a
[]
[] golf anyone?
[]
[] (there are many reductions i see but i can't fit them in the margins)
[]
[] printf 'My apple%s tasteless', $apples == 1 ? ' is' : 's are' ;
printf "My apple%s tasteless", --$apples ? 'a are' : ' is';
[]
[] note: there is no need for double quotes in the format string.
I'd love to say (even if it doesn't win at golf):
use Lingua::EN::Inflect qw /:ALL/;
print inflect "My PL_N(apple,$apples) PL_V(be,$apples) tasteless";
Unfortunally, there seems to be a serious bug in Lingua::EN::Inflect,
when handling irregular verbs. In his cleverness in figuring out what
verb we deal with, Damian just returns the verb, without inflecting it.
It'll give me something to do on July 4th.... ;-)
Abigail
--
sub f{sprintf'%c%s',$_[0],$_[1]}print f(74,f(117,f(115,f(116,f(32,f(97,
f(110,f(111,f(116,f(104,f(0x65,f(114,f(32,f(80,f(101,f(114,f(0x6c,f(32,
f(0x48,f(97,f(99,f(107,f(101,f(114,f(10,q ff)))))))))))))))))))))))))
------------------------------
Date: 4 Jul 2000 09:22:58 +0100
From: Jonathan Stowe <gellyfish@gellyfish.com>
Subject: Re: The BackSpace character ("\b") - bug?
Message-Id: <8js6t2$dvh$1@orpheus.gellyfish.com>
On Mon, 3 Jul 2000 17:10:00 +0200 TheEx0rcist wrote:
>> *slightly shocked* It's a question I can answer!
>
>
>
> Hehe thanks a lot for the answer, I just thought the backspace character was
> the same as the backspace key on my keyboard !! :-)
> But is there an escaped character that behaves the same as my backspace key?
>
> It is very cumbersome to use the substr() or chomp() functions when all you
> want to do is just remove the last character in the output.
>
You are not removing the last character in your output you're adding an
additional character to the end of your output - how your output device
might represent that character is down to the output device. If you
want to remove the last character remove the last character .
/J\
--
** This space reserved for venue sponsor for yapc::Europe **
<http://www.yapc.org/Europe/>
------------------------------
Date: Tue, 04 Jul 2000 16:06:17 GMT
From: bart.lateur@skynet.be (Bart Lateur)
Subject: Re: The BackSpace character ("\b") - bug?
Message-Id: <39630b61.1283267@news.skynet.be>
Abigail wrote:
> use Lingua::EN::Inflect qw /:ALL/;
>
> print inflect "My PL_N(apple,$apples) PL_V(be,$apples) tasteless";
Heh? Does this do a function call in a doublequoted string?
--
Bart.
------------------------------
Date: Tue, 04 Jul 2000 16:39:12 GMT
From: kcivey@cpcug.org (Keith Calvert Ivey)
Subject: Re: The BackSpace character ("\b") - bug?
Message-Id: <39631281.60217032@nntp.idsonline.com>
bart.lateur@skynet.be (Bart Lateur) wrote:
>Abigail wrote:
>
>> use Lingua::EN::Inflect qw /:ALL/;
>>
>> print inflect "My PL_N(apple,$apples) PL_V(be,$apples) tasteless";
>
>Heh? Does this do a function call in a doublequoted string?
That's what the "inflect" is there for. From the documentation:
Unfortunately the need to separate each subroutine call
detracts significantly from the readability of the resulting
code. To ameliorate this problem, Lingua::EN::Inflect
provides an exportable string-interpolating subroutine
(inflect($)), which recognizes calls to the various
inflection subroutines within a string and interpolates them
appropriately.
--
Keith C. Ivey <kcivey@cpcug.org>
Washington, DC
-----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
-----== Over 80,000 Newsgroups - 16 Different Servers! =-----
------------------------------
Date: Tue, 04 Jul 2000 17:31:56 GMT
From: bart.lateur@skynet.be (Bart Lateur)
Subject: Re: The BackSpace character ("\b") - bug?
Message-Id: <39640b97.1336654@news.skynet.be>
TheEx0rcist wrote:
>It is very cumbersome to use the substr() or chomp() functions when all you
>want to do is just remove the last character in the output.
You can append "\b \b".
Note that this will only work on fixed width font screens. And no, it
doesn't actually *remove* any characters from a string. Quite the
contrary.
--
Bart.
------------------------------
Date: 04 Jul 2000 14:20:34 EDT
From: abigail@delanet.com (Abigail)
Subject: Re: The BackSpace character ("\b") - bug?
Message-Id: <slrn8m4bp8.59a.abigail@alexandra.delanet.com>
Bart Lateur (bart.lateur@skynet.be) wrote on MMCDXCIX September MCMXCIII
in <URL:news:39630b61.1283267@news.skynet.be>:
{} Abigail wrote:
{}
{} > use Lingua::EN::Inflect qw /:ALL/;
{} >
{} > print inflect "My PL_N(apple,$apples) PL_V(be,$apples) tasteless";
{}
{} Heh? Does this do a function call in a doublequoted string?
No, but print doesn't get the string
"My PL_N(apple,$apples) PL_V(be,$apples) tasteless", it gets
the return value of inflect().
Abigail
--
package Z;use overload'""'=>sub{$b++?Hacker:Another};
sub TIESCALAR{bless\my$y=>Z}sub FETCH{$a++?Perl:Just}
$,=$";my$x=tie+my$y=>Z;print$y,$x,$y,$x,"\n";#Abigail
------------------------------
Date: Tue, 4 Jul 2000 17:19:11 -0400
From: kpreid@attglobal.net (Kevin Reid)
Subject: Re: The BackSpace character ("\b") - bug?
Message-Id: <1ed978b.1eerhehwvzhq2N%kpreid@attglobal.net>
Bart Lateur <bart.lateur@skynet.be> wrote:
> TheEx0rcist wrote:
>
> >It is very cumbersome to use the substr() or chomp() functions when all
> >you want to do is just remove the last character in the output.
>
> You can append "\b \b".
>
> Note that this will only work on fixed width font screens. And no, it
> doesn't actually *remove* any characters from a string. Quite the
> contrary.
Funny, print("intange\bible\n") seems to print "intangible\n" in my
MacPerl output window, which happens to be set to a non-monospaced font
at the moment...I'd say, rather, that it will only work on output
devices that support \b in the usual fashion.
--
Kevin Reid: | Macintosh:
"I'm me." | Think different.
------------------------------
Date: 6 Jul 2000 10:41:07 GMT
From: csaba_r@my-deja.com (Csaba Raduly)
Subject: Re: The BackSpace character ("\b") - bug?
Message-Id: <8F697FAFFquuxi@193.82.145.131>
04 Jul 2000: A formal bug report was sent to Seti@Home, because the
following message originated from abigail@delanet.com (Abigail) was
reported as containing signs of intelligence:
>TheEx0rcist (TheEx0rcist@fanclub.org) wrote on MMCDXCVIII September
>MCMXCIII in <URL:news:8jq819$q16$1@news4.isdnet.net>:
>^^ When I do : ' print "helloworld\b" ', it doesn't print
>"helloworl" ^^ But when I do : ' print "helloworl\bd" ', it does
>print "helloword" ' as ^^ expected.
>^^
>^^ This becomes annoying when it comes to more complex things like '
>print ^^ "$a\b\b$b + 3 $c\b$d\b" ' etc...
>^^
>^^ Is there any reason why Perl should behave differently whever it
>is the last ^^ character that is "chopped" or a character in the
>middle of the string? ^^
>^^ Thanks in advance for your help !
>
>
>How it is displayed has nothing to do with Perl, but everything with
>your output device.
>
>Assuming you are watching this using a terminal with an addressable
>cursor, and your terminal driver does the logical thing with
>backspace, this is what happens.
>
>The first print sends the characters "h", "e", "l", "l", "o", "w",
>"o", "r", "l", "d", "BACKSPACE" to output, and that is directored to
>your terminal driver. The driver makes the terminal print an "h",
>advances the cursor, print an "e", advance the cursor, print an "l",
>etc, till it advances the cursor, prints a "d", advances the cursor
>AND THEN BACKS UP THE CURSOR. Hence, the cursor is back on the "d".
>However, it's just a backspace. Backspace does not delete a
>character.
>
>In the second print, it goes all the way the same. Then the "l" is
>printed, the cursor advanced, then backspaced. And now the "d" is
>printed. But that's printed at the same position the "l" is in, and
>hence, the "d" replaces the "l".
>
>So, the first print shows "helloworld", as there's nothing that will
>replace the "d", and the second print shows "helloword", as the "d"
>replaced the "l".
>
>
>
>Abigail
>
Ex0rcist:
To put it simply: you can't "delete" a character once it's sent down
STDOUT's way. Redirect the output of your one-liners to a file, and
look into it with a hexdump-able viewer. You'll see what's going on.
"You can't uncook Thai pork once it's cooked". Similarly, you can't
take back a character you outputted.
--
Csaba Raduly, Software Developer (OS/2), Sophos Anti-Virus
mailto:csaba.raduly@sophos.com http://www.sophos.com/
US Support +1 888 SOPHOS 9 UK Support +44 1235 559933
Life is complex, with real and imaginary parts.
------------------------------
Date: 3 Jul 2000 15:25:55 GMT
From: efflandt@xnet.com (David Efflandt)
Subject: Re: this annoying carriage return
Message-Id: <slrn8m1c32.bnv.efflandt@efflandt.xnet.com>
On Mon, 03 Jul 2000, Mathieu DE LORENZI <madl@mb-consultants.fr> wrote:
>Hello,
>i've got a form on the site and a csv file on the server : the user fill the
>form and the informations must be write in the CSV file. The csv will be
>further imported in an excel file... That's why i want to substitute the
>"carriage return" an "new line" caracters : I've try this, but it doesn't
>work :
>
> $valeur =~ s/\n/ /g;
>
>The server is an unix machine running perl 5...
If you are talking about CGI forms, I think the only field that has line
endings in it is textarea and those are typically \r\n regardless of
browser OS. But just to be on the safe side you might want to consider
all possibilities:
$valeur =~ s/(\r\n?|\n)/ /g;
$valeur =~ s/\s+$//; # remove whitespace from end
--
David Efflandt efflandt@xnet.com http://www.de-srv.com/
http://www.autox.chicago.il.us/ http://www.berniesfloral.net/
http://hammer.prohosting.com/~cgi-wiz/ http://cgi-help.virtualave.net/
------------------------------
Date: Fri, 7 Jul 2000 16:11:04 +0200
From: "Patrice Radé" <prade@espace-formation.com>
Subject: Timeout Probleme with Apache on Windows NT 4
Message-Id: <fBl95.1436$Id3.38828@tengri.easynet.fr>
Hello,
I used to install Apache on Linux, and I didn't have any problem.
Now I'm trying with Windows NT, and it works... until Apache crashes with a
" timeout" message.
Does anybody know about this problem ?
Thank you for your answers
Patrice Radé
------------------------------
Date: Fri, 07 Jul 2000 10:23:07 -0400
From: Drew Simonis <care227@attglobal.net>
Subject: Re: Timeout Probleme with Apache on Windows NT 4
Message-Id: <3965E7CB.EEE5FD0A@attglobal.net>
"Patrice Radé" wrote:
>
> Now I'm trying with Windows NT, and it works... until Apache crashes with a
> " timeout" message.
Apache is not part of the Perl distribution.
Linux is not part of the Perl distribution.
Windows NT is not part of the Perl distribution.
>
> Does anybody know about this problem ?
>
I bet someone in comp.infosystems.www.servers.ms-windows would.
And your message would even be on topic there.
(If you are more comfortable dealing in French, there is also
fr.comp.infosystems.www.serveurs)
Also, spend some time in
news.announce.newusers -and-
news.newusers.questions
Try to get a handle on the culture of the USENET before you go posting
to whatever group comes to mind.
------------------------------
Date: 3 Jul 2000 17:07:27 GMT
From: helling@x4u2.desy.de (Robert C. Helling)
Subject: tmp files and security
Message-Id: <slrn8m1i2f.1iqlj.helling@x4u2.desy.de>
Hi,
I was not satisfied by the banner pages our printers were printing
thus I tried to replace them. I found that there is shell script
called with some parameters (user name, file name, printer name etc)
that outputs a postscript file that is printed as a banner page.
So I replaced the script by a perl script that uses the arguments
to assemble a TeX file, tex and dvips the file and output it on STDOUT.
So far so good. But now I noticed that the script is run by the printer
demon with root privileges for some strange reason. So I dreamed up
the following security risk: Since the script composes a tmeporary
file for TeX to process, somebody might put a symlink to /etc/rhosts say
at the place where the temporary file will be produced and my
script follows the symlink and overwrites that file. Testing for existence
and symlinkyness is not a solution since that state might change
between the test and the open/write. I looked at open(2)'s manpage
but couldn't find an attribute that makes sure the file is not a symlink,
so I do not expect sysopen to be helpful here.
Of course, I could create the file in a directory that is not
writable by non root users,or I could cheuid to nobody but I wonder if
there is a general solution to thsi problem.
Robert
--
.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oO
Robert C. Helling Albert Einstein Institute Potsdam
Max Planck Institute For Gravitational Physics
and
2nd Institute for Theoretical Physics
DESY / University of Hamburg
Email helling@x4u2.desy.de Fon +49 40 8998 4706
<href=http://www.aei-potsdam.mpg.de/~helling>
------------------------------
Date: 4 Jul 2000 12:54:52 -0800
From: yf110@vtn1.victoria.tc.ca (Malcolm Dew-Jones)
Subject: Re: tmp files and security
Message-Id: <3962410c@news.victoria.tc.ca>
Robert C. Helling (helling@x4u2.desy.de) wrote:
: Hi,
: I was not satisfied by the banner pages our printers were printing
: thus I tried to replace them. I found that there is shell script
: called with some parameters (user name, file name, printer name etc)
: that outputs a postscript file that is printed as a banner page.
: So I replaced the script by a perl script that uses the arguments
: to assemble a TeX file, tex and dvips the file and output it on STDOUT.
: So far so good. But now I noticed that the script is run by the printer
: demon with root privileges for some strange reason. So I dreamed up
: the following security risk: Since the script composes a tmeporary
: file for TeX to process, somebody might put a symlink to /etc/rhosts say
: at the place where the temporary file will be produced and my
: script follows the symlink and overwrites that file. Testing for existence
: and symlinkyness is not a solution since that state might change
: between the test and the open/write. I looked at open(2)'s manpage
: but couldn't find an attribute that makes sure the file is not a symlink,
: so I do not expect sysopen to be helpful here.
: Of course, I could create the file in a directory that is not
: writable by non root users,or I could cheuid to nobody but I wonder if
: there is a general solution to thsi problem.
Can the perl script change its uid/guid to something with less privileges
before doing anything?
------------------------------
Date: 6 Jul 2000 10:02:48 +0100
From: Jonathan Stowe <gellyfish@gellyfish.com>
Subject: Re: tmp files and security
Message-Id: <8k1hvo$s00$1@orpheus.gellyfish.com>
On 3 Jul 2000 17:07:27 GMT Robert C. Helling wrote:
> Hi,
>
> I was not satisfied by the banner pages our printers were printing
> thus I tried to replace them. I found that there is shell script
> called with some parameters (user name, file name, printer name etc)
> that outputs a postscript file that is printed as a banner page.
>
> So I replaced the script by a perl script that uses the arguments
> to assemble a TeX file, tex and dvips the file and output it on STDOUT.
>
> So far so good. But now I noticed that the script is run by the printer
> demon with root privileges for some strange reason. So I dreamed up
> the following security risk: Since the script composes a tmeporary
> file for TeX to process, somebody might put a symlink to /etc/rhosts say
> at the place where the temporary file will be produced and my
> script follows the symlink and overwrites that file. Testing for existence
> and symlinkyness is not a solution since that state might change
> between the test and the open/write. I looked at open(2)'s manpage
> but couldn't find an attribute that makes sure the file is not a symlink,
> so I do not expect sysopen to be helpful here.
>
> Of course, I could create the file in a directory that is not
> writable by non root users,or I could cheuid to nobody but I wonder if
> there is a general solution to thsi problem.
>
>
Well yes this *might* happen ;-} Programs that are run as root should
always run with taint checking on - read perlsec for more on that. You
could change the UID of your program by setting $> to some lesser mortal
or you could check that the file you are about to clobber is not a
symnlink with the '-l' operator. Of course if you use IO::File::new_tmpfile
this is will not happen anyhow ...
/J\
--
yapc::Europe in assocation with the Institute Of Contemporary Arts
<http://www.yapc.org/Europe/> <http://www.ica.org.uk>
------------------------------
Date: 16 Sep 99 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 16 Sep 99)
Message-Id: <null>
Administrivia:
The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc. For subscription or unsubscription requests, send
the single line:
subscribe perl-users
or:
unsubscribe perl-users
to almanac@ruby.oce.orst.edu.
| NOTE: The mail to news gateway, and thus the ability to submit articles
| through this service to the newsgroup, has been removed. I do not have
| time to individually vet each article to make sure that someone isn't
| abusing the service, and I no longer have any desire to waste my time
| dealing with the campus admins when some fool complains to them about an
| article that has come through the gateway instead of complaining
| to the source.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.
For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V9 Issue 3607
**************************************
