[22190] in Perl-Users-Digest
Perl-Users Digest, Issue: 4411 Volume: 10
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Wed Jan 15 18:11:35 2003
Date: Wed, 15 Jan 2003 15:10:10 -0800 (PST)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Perl-Users Digest Wed, 15 Jan 2003 Volume: 10 Number: 4411
Today's topics:
Re: save and run bytocode <ubl@schaffhausen.de>
Re: save and run bytocode <goldbb2@earthlink.net>
Re: security of open(TAR, "tar -cvf - $filelist|") <uri@stemsystems.com>
Re: sysopen problem Andrew Lee
Re: sysopen problem <nobull@mail.com>
Re: sysopen problem <neil@alaweb.com>
Re: sysopen problem <neil@alaweb.com>
Re: sysopen problem <neil@alaweb.com>
Re: sysopen problem (Ben Morrow)
Re: sysopen problem <neil@alaweb.com>
Re: Variable naming convention (Andrew Allaire)
Re: Variable naming convention <uri@stemsystems.com>
Digest Administrivia (Last modified: 6 Apr 01) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: Wed, 15 Jan 2003 17:40:10 +0100
From: Malte Ubl <ubl@schaffhausen.de>
Subject: Re: save and run bytocode
Message-Id: <b0465e$2ho$1@news.dtag.de>
Barry wrote:
> Hi,
> Thanks for the response.
>
> A follow up question:
>
> I've seen tools which encrypt or pre-compile or something the Perl
> source so it can be distributed without giving away the source.
>
> The solution I saw seemed to be proprietary.
Those solutions (perl2exe and PerlApp, I think) don't compile your
program. They rather wrap it in a small C program with a perl compiler embedded.
This is useful for easier distribution of applications. It will not
protect your source code.
This is inherently impossible, because the perl compiler will eventually
need the source to execute it, and even if you would distribute some
form of bytecode there would still be a decompiler. If it's in your memory,
people can look at it (DRM, Palladium, blabla).
->malte
--
srand 108641088; print chr int rand 256 for qw<J A P H>
------------------------------
Date: Wed, 15 Jan 2003 17:06:01 -0500
From: Benjamin Goldberg <goldbb2@earthlink.net>
Subject: Re: save and run bytocode
Message-Id: <3E25DB49.9CB66EFE@earthlink.net>
Malte Ubl wrote:
[snip]
> Besides not having to recompile the source code on each requests,
> mod_perl also saves you the fork to perl, which depending on the size
> of your source, gives the much greater speed up (+ it does many more
> optimizations).
Actually, the big advantage is not avoiding the *fork* to perl, it's
avoiding the *exec* to perl.
Starting a new process (fork) is very fast and lightweight on all modern
unices. However, loading a new program image from disk (exec) into that
newly started process is a major speed hit.
> mod_perl, however, has some pit falls if you are used to cgi
> scripting, so you should RTFM before you do anything serious.
Which is one reason to use mod_fastcgi -- it avoids most or all of the
pitfalls of mod_perl.
> ->malte
>
> --
> srand 108641088; print chr int rand 256 for qw<J A P H>
This prints "_+4-", which is probably not the right thing :)
(Actually, it prints chr(232).chr(191).chr(52).chr(202), but my
newsreader munges it when I try to paste in that garbage).
Although srand and rand don't use the same algorithms on all platforms,
you *could* have found a way to ensure that it would print normal ascii
characters on all platforms.
For example, on windows with ActiveState Perl, the following works:
srand(555385); print chr(ord('A')+rand 26) for <J A P H>;
And on other platforms, with different srand() and rand() functions, it
will likely print out 4 different letters -- but these will be ascii
letters, not "real" garbage.
PS: The qw in front of <J A P H> isn't necessary, at least on those perl
platforms which use its own builtin glob() function.
--
$..='(?:(?{local$^C=$^C|'.(1<<$_).'})|)'for+a..4;
$..='(?{print+substr"\n !,$^C,1 if $^C<26})(?!)';
$.=~s'!'haktrsreltanPJ,r coeueh"';BEGIN{${"\cH"}
|=(1<<21)}""=~$.;qw(Just another Perl hacker,\n);
------------------------------
Date: Wed, 15 Jan 2003 17:18:44 GMT
From: Uri Guttman <uri@stemsystems.com>
Subject: Re: security of open(TAR, "tar -cvf - $filelist|")
Message-Id: <x7el7el4b3.fsf@mail.sysarch.com>
>>>>> "MZ" == Marek Zawadzki <mzawadzk@man.poznan.pl> writes:
MZ> Thank you for all your input.
MZ> Now here is what I've done to prevent malicious users from tampering with
MZ> my backup script by creating files with "evil" filenames:
MZ> 1. I prepare directory listing using:
MZ> opendir(DIR, $dir)
MZ> || abort("can't opendir $dir\n");
MZ> $dir_listing[<the two appropriate entries>] =~ /^\.{1,2}$/;
how can you filter . and .. before you do the readdir?
MZ> @dir_listing = readdir(DIR);
you can filter in one step:
@dir_listing = grep ! /^\.{1,2}$/, readdir(DIR);
MZ> 2. instead of taring stuff like shown in a topic I do:
MZ> $pid = open(TAR, "-|");
MZ> if (!($pid)) { # child
MZ>     @my_arr = ("cf", "-", "--", @filelist);
MZ>     exec("/bin/tar", @my_arr)
MZ>         || die "can't exec program: $!";
MZ>     # NOTREACHED
MZ> } else { # parent
MZ>     while (($r = read(TAR, $buffer, $buff_size))) {
MZ>         # etc.
MZ>     }
MZ> }
MZ> # (@filelist is extracted from @dir_listing in [1.]
that looks ok. you can drop the else{} (keep the code itself) since the
if{} can never return. it just tidies up the code some.
and i like unless vs if( ! blah )
MZ> Now whatever file/directory I create (with ;, `, spaces, etc.) it works
MZ> just fine. I'm not doing metacharacter escaping at all.
that is the whole idea. bypass the shell and the security issue goes away.
question: if you are getting the filenames from a dir, why not just
start the tar from within that dir? i don't see the need for the readdir
unless you are doing more filtering than just . and ..
uri
--
Uri Guttman ------ uri@stemsystems.com -------- http://www.stemsystems.com
----- Stem and Perl Development, Systems Architecture, Design and Coding ----
Search or Offer Perl Jobs ---------------------------- http://jobs.perl.org
Damian Conway Perl Classes - January 2003 -- http://www.stemsystems.com/class
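
[Added example, not part of Marek's or Uri's posts: the shell-free backup step from this thread written with the list form of a pipe open, run against constructed file names that would break the original "tar -cvf - $filelist|" string. It assumes a Unix-like system with tar on the PATH and a perl that supports list-form pipe opens; the sub names and sample file names are made up for illustration.]

```perl
# Added example, not code from the thread. All file names are constructed.
use strict;
use warnings;
use File::Temp qw(tempdir);

# Build a scratch directory holding names that are hostile to a shell string
# or to tar's option parser (space, ';', backticks, '$()', leading dashes).
sub make_sample_dir {
    my $dir = tempdir(CLEANUP => 1);
    my @names = ('plain.txt', 'two words.txt', 'semi;colon', '`backtick`',
                 '$(dollar)', '--leading-dash');
    for my $name (@names) {
        open(my $fh, '>', "$dir/$name") or die "can't create $dir/$name: $!";
        print {$fh} "sample\n";
        close($fh) or die "can't close $dir/$name: $!";
    }
    return ($dir, sort @names);
}

# Directory listing with . and .. filtered in one step, as in Uri's reply.
sub list_dir {
    my ($dir) = @_;
    opendir(my $dh, $dir) or die "can't opendir $dir: $!";
    my @entries = grep { !/^\.{1,2}$/ } readdir($dh);
    closedir($dh);
    return @entries;
}

# List-form pipe open: perl forks and execs tar directly, so no shell ever
# parses the names. "--" stops tar from reading a name as an option.
sub tar_to_file {
    my ($dir, $archive, @files) = @_;
    open(my $tar, '-|', 'tar', '-c', '-f', '-', '-C', $dir, '--', @files)
        or die "can't start tar: $!";
    binmode($tar);
    open(my $out, '>', $archive) or die "can't write $archive: $!";
    binmode($out);
    my $buffer;
    while (my $r = read($tar, $buffer, 65536)) {
        print {$out} $buffer;
    }
    close($out) or die "can't close $archive: $!";
    close($tar) or die "tar exited with status $?";
    return -s $archive;
}

# Read the archive back (again without a shell) to see what was stored.
sub archive_members {
    my ($archive) = @_;
    open(my $tar, '-|', 'tar', '-t', '-f', $archive)
        or die "can't start tar: $!";
    chomp(my @members = <$tar>);
    close($tar) or die "tar exited with status $?";
    return sort @members;
}

my ($dir, @expected) = make_sample_dir();
my $archive = tempdir(CLEANUP => 1) . '/backup.tar';
my $size    = tar_to_file($dir, $archive, list_dir($dir));
my @members = archive_members($archive);
print "archive: $size bytes, ", scalar(@members), " members\n";
print "member: $_\n" for @members;
die "archive does not match directory\n" unless "@members" eq "@expected";
```

[The -C option makes tar change into the directory itself, which is the "start the tar from within that dir" idea above without a chdir in the script.]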
------------------------------
Date: Wed, 15 Jan 2003 12:09:57 -0500
From: Andrew Lee
Subject: Re: sysopen problem
Message-Id: <lh4b2v4h97drubvnk52frujt9n5i7758ci@4ax.com>
On Wed, 15 Jan 2003 08:12:07 -0600, "Neil Trenholm" <neil@alaweb.com>
wrote:
>Hi,
>
>Here is my perl -v output ... or the relevant bits anyhow...
>-----
>This is perl, v5.6.1 built for MSWin32-x86-multi-thread
>(with 1 registered patch, see perl -V for more detail)
>
>Copyright 1987-2001, Larry Wall
>
>Binary build 631 provided by ActiveState Tool Corp.
>http://www.ActiveState.com
>Built 17:16:22 Jan 2 2002
>-----
>
>running on a Win2K Server.
>
>This line
>
> sysopen(FH, $logfile, O_RDWR|O_CREAT) or die "can't open $logfile: $!";
>
>produces this error...
>
>Argument "O_SVWST" isn't numeric in sysopen at
>E:/Perl/site/lib/CreateYourWeb/Logger.pm line 91.
>can't open E:/admin/logs/test.log: No such file or directory at
>E:/Perl/site/lib/CreateYourWeb/Logger.pm line 91.
>I have strict and warnings turned on.
>
Hmmm ... that can't be good.
Try Posix ...
use POSIX;
sysopen (FH, $logfile, &POSIX::O_RDWR | &POSIX::O_CREAT) or die ....
Does that help at all?
If all else fails you may have to grab the latest version of
ActiveState and try the code there.
HTH
------------------------------
Date: 15 Jan 2003 17:40:13 +0000
From: Brian McCauley <nobull@mail.com>
Subject: Re: sysopen problem
Message-Id: <u94r8ae2gy.fsf@wcl-l.bham.ac.uk>
"Neil Trenholm" <neil@alaweb.com> writes:
> Subject: sysopen problem
perldoc -f sysopen
Pay particular note to the first sentence in the second paragraph.
> sysopen(FH, $logfile, O_RDWR|O_CREAT) or die "can't open $logfile: $!";
> produces this error...
>
> Argument "O_SVWST" isn't numeric in sysopen at
> I have strict and warnings turned on.
You've realised that if you don't have strictures and warnings turned
on we'll just tell you to turn them on. So you claim they are on to
try to placate us.
But we can tell that what you are saying is not the truth.
If you did have strictures on it would have said:
Bareword "O_RDWR" not allowed while "strict subs" in use at...
Bareword "O_CREAT" not allowed while "strict subs" in use at...
Reading the explanation of this error in perldiag would possibly have
led you to the solution for yourself. Then again possibly it
wouldn't, the hint "Perhaps you need to predeclare a subroutine?"
is maybe a little obscure.
--
\\ ( )
. _\\__[oo
.__/ \\ /\@
. l___\\
# ll l\\
###LL LL\\
------------------------------
Date: Wed, 15 Jan 2003 12:55:30 -0600
From: "Neil Trenholm" <neil@alaweb.com>
Subject: Re: sysopen problem
Message-Id: <v2bccrt9e7nfa1@corp.supernews.com>
"Anno Siegel" <anno4000@lublin.zrz.tu-berlin.de> wrote in message
news:b03tg3$c7l$2@mamenchi.zrz.TU-Berlin.DE...
> Neil Trenholm <neil@alaweb.com> wrote in comp.lang.perl.misc:
> > Hi,
> >
> > Here is my perl -v output ... or the relevant bits anyhow...
> > -----
> > This is perl, v5.6.1 built for MSWin32-x86-multi-thread
> > (with 1 registered patch, see perl -V for more detail)
> >
> > Copyright 1987-2001, Larry Wall
> >
> > Binary build 631 provided by ActiveState Tool Corp.
> > http://www.ActiveState.com
> > Built 17:16:22 Jan 2 2002
> > -----
> >
> > running on a Win2K Server.
> >
> > This line
> >
> > sysopen(FH, $logfile, O_RDWR|O_CREAT) or die "can't open $logfile: $!";
> >
> > produces this error...
> >
> > Argument "O_SVWST" isn't numeric in sysopen at
>
> Googling for "O_SVWST" appears to show that this problem has been
> encountered before (in a Perl context). I didn't follow through
> to a possible solution, but I suppose there is one.
>
> (Our own Bart Lateur appears to have asked about this on some forum in
> 1998, so there has been time.)
>
> Anno
Thank you....for some reason (haste?) I did not find the solution the first
time I Googled - but did the 2nd time ....
use FCntl qw(:DEFAULT :flock);
Now I get
can't open E:/admin/logs/test.log: No such file or directory at
E:/Perl/site/lib/CreateYourWeb/Logger.pm line 91.
and I thought that was what the O_CREAT was for....
Thanks,
Neil
------------------------------
Date: Wed, 15 Jan 2003 13:33:27 -0600
From: "Neil Trenholm" <neil@alaweb.com>
Subject: Re: sysopen problem
Message-Id: <v2bdsu5vugna18@corp.supernews.com>
----- Original Message -----
From: "Brian McCauley" <nobull@mail.com>
Newsgroups: comp.lang.perl.misc
Sent: Wednesday, January 15, 2003 11:40 AM
Subject: Re: sysopen problem
> "Neil Trenholm" <neil@alaweb.com> writes:
>
> > Subject: sysopen problem
>
> perldoc -f sysopen
>
> Pay particular note to the first sentence in the second paragraph.
The possible values and flag bits of the MODE parameter are
system-dependent; they are available via the standard module
"Fcntl". See the documentation of your operating system's "open"
to see which values and flag bits are available. You may combine
several flags using the "|"-operator.
Upon rereading ....and 'use Fcntl qw(:DEFAULT :flock);' this particular
problem has gone away ... unfortunately it was only AFTER the code change I
realized what 'available via' in the 1st sentence meant. I got the fix from
a different source. What actually threw me sideways was the 2nd sentence. As
you (may) know - my OS includes little documentation - so that was/is a dead
end. I guess I had assumed that these constants were in the AS binaries.
> You've realised that if you don't have strictures and warnings turned
> on we'll just tell you to turn them on. So you claim they are on to
> try to placate us.
Ummm ... nope... I say it because they WERE turned on ;-)
> But we can tell that what you are saying is not the truth.
Errr.... wrong....
... and right.......
>
> If you did have strictures on it would have said:
>
> Bareword "O_RDWR" not allowed while "strict subs" in use at...
> Bareword "O_CREAT" not allowed while "strict subs" in use at...
I had previously got the Bareword warnings ... and I stuck 'no strict
'subs';' into the shortest possible enclosing enclosed block before it was
needed.
I did not state this in the OP.
My fault.
> Reading the explanation of this error in perldiag would possibly have
> led you to the solution for yourself. Then again possibly it
> wouldn't, the hint "Perhaps you need to predeclare a subroutine?"
> is maybe a little obscure.
>
Nope - that is crystal clear....
I appreciate your help.
Thanks,
Neil
------------------------------
Date: Wed, 15 Jan 2003 13:30:34 -0600
From: "Neil Trenholm" <neil@alaweb.com>
Subject: Re: sysopen problem
Message-Id: <v2bdstf4gn5v16@corp.supernews.com>
> Thank you....for some reason (haste?) I did not find the solution the first
> time I Googled - but did the 2nd time ....
>
> use FCntl qw(:DEFAULT :flock);
>
> Now I get
>
> can't open E:/admin/logs/test.log: No such file or directory at
> E:/Perl/site/lib/CreateYourWeb/Logger.pm line 91.
>
> and I thought that was what the O_CREAT was for....
>
> Thanks,
> Neil
>
>
Well....(wipes egg off face) .... I had cut and pasted the 'use FCntl
qw(:DEFAULT :flock);' and unfortunately, the name FCntl should have been
Fcntl.
A simple 'typo' .. now fixed and all works as it should !
Thanks,
Neil
------------------------------
Date: Wed, 15 Jan 2003 21:43:32 +0000 (UTC)
From: mauzo@mimosa.csv.warwick.ac.uk (Ben Morrow)
Subject: Re: sysopen problem
Message-Id: <b04km4$fnd$1@wisteria.csv.warwick.ac.uk>
"Neil Trenholm" <neil@alaweb.com> wrote:
>From: "Brian McCauley" <nobull@mail.com>
>> If you did have strictures on it would have said:
>>
>> Bareword "O_RDWR" not allowed while "strict subs" in use at...
>> Bareword "O_CREAT" not allowed while "strict subs" in use at...
>
>
>I had previously got the Bareword warnings ... and I stuck 'no strict
>'subs';' into the shortest possible enclosing enclosed block before it was
>needed.
As you may by now have realized, there is little point in turning on strictures
if you turn them off whenever they tell you something :). You shouldn't turn
off strictures unless you know you're doing something clever and you know why
you need to turn off strictures to do it.
Ben
------------------------------
Date: Wed, 15 Jan 2003 16:41:13 -0600
From: "Neil Trenholm" <neil@alaweb.com>
Subject: Re: sysopen problem
Message-Id: <v2bovnpjcpr64c@corp.supernews.com>
> >I had previously got the Bareword warnings ... and I stuck 'no strict
> >'subs';' into the shortest possible enclosing enclosed block before it was
> >needed.
>
> As you may by now have realized, there is little point in turning on strictures
> if you turn them off whenever they tell you something :). You shouldn't turn
> off strictures unless you know you're doing something clever and you know why
> you need to turn off strictures to do it.
>
> Ben
Precisely and exactly !
Now for the embarrassing part - how would a person fully qualify these constant
names, so as to avoid "no strict 'subs'" ?
Thanks,
Neil
------------------------------
Date: 15 Jan 2003 10:55:08 -0800
From: Andrew.Allaire@na.teleatlas.com (Andrew Allaire)
Subject: Re: Variable naming convention
Message-Id: <6bdb91de.0301151055.403be97e@posting.google.com>
"Jürgen Exner" <jurgenex@hotmail.com> wrote in message news:<Hx3V9.29498$%V.28678@nwrddc02.gnilink.net>...
> Andrew Allaire wrote:
> > falconflyr@snet.net (Pete) wrote in message
> > news:<4ca21189.0301140802.153b57a3@posting.google.com>...
> >> Is there a way to dynamically define a set of variable names such
> >> that the name itself consists of alpha and numeric characters, but
> [...]
> > I think you are going against camel hair here. Why not use an array?
> > But just for the sake of an obscure exercise you could handle it like
> > this:
> >
> > for (1..10) {
> > ${'name' . $_} = $_ ;
> > }
> >
> > print ( "name1 is $name1\n") ;
> > print ("name2 is $name2\n") ;
>
> If you feel the need to show symbolic references to someone who apparently
> doesn't know how to handle them, then it is grossly negligent to not mention
> the FAQ and not to warn him about the dangers involved.
> To the OP: _please_(!) consult the FAQ on symbolic references before using
> the code above.
>
> jue
Thank you for mentioning the FAQ, but I have to take issue over it
being grossly negligent to give a snippet of code that does what the
person requested, when one precedes it with warnings that it goes
against camel hair, and is probably an obscure exercise, and that one
probably should be using an array. I was tempted to not provide the
code, but then thought of the times I had requested some info from
people who lectured me about how I was doing it all wrong. Although I
can not think of a good reason for the request, I thought it better to
treat the person making it as an adult.
------------------------------
Date: Wed, 15 Jan 2003 19:40:38 GMT
From: Uri Guttman <uri@stemsystems.com>
Subject: Re: Variable naming convention
Message-Id: <x78yxmjj62.fsf@mail.sysarch.com>
>>>>> "AA" == Andrew Allaire <Andrew.Allaire@na.teleatlas.com> writes:
AA> "Jürgen Exner" <jurgenex@hotmail.com> wrote in message news:<Hx3V9.29498$%V.28678@nwrddc02.gnilink.net>...
>> Andrew Allaire wrote:
>> > falconflyr@snet.net (Pete) wrote in message
>> > news:<4ca21189.0301140802.153b57a3@posting.google.com>...
>> >> Is there a way to dynamically define a set of variable names such
>> >> that the name itself consists of alpha and numeric characters, but
>> [...]
>> > I think you are going against camel hair here. Why not use an array?
>> > But just for the sake of an obscure exercise you could handle it like
>> > this:
>> >
>> > for (1..10) {
>> > ${'name' . $_} = $_ ;
>> > }
>> >
>> > print ( "name1 is $name1\n") ;
>> > print ("name2 is $name2\n") ;
>>
>> If you feel the need to show symbolic references to someone who apparently
>> doesn't know how to handle them, then it is grossly negligent to not mention
>> the FAQ and not to warn him about the dangers involved.
>> To the OP: _please_(!) consult the FAQ on symbolic references before using
>> the code above.
>>
>> jue
AA> Thank you for mentioning the FAQ, but I have to take issue over it
AA> being grossly negligent to give a snippet of code that does what the
AA> person requested, when one precedes it with warnings that it goes
AA> against camel hair, and is probably an obscure exercise, and that one
AA> probably should be using an array. I was tempted to not provide the
AA> code, but then thought of the times I had requested some info from
AA> people who lectured me about how I was doing it all wrong. Although I
AA> can not think of a good reason for the request, I thought it better to
AA> treat the person making it as an adult.
that is not a good assumption to make. the OP is not the only reader of
your post. showing a symref solution is bad form under any circumstance
even if it is requested. there is only one real reason to use symrefs
and that is to access and modify the symbol table. using symrefs for
general purpose data structures is evil. the symbol table is just a tree
of hashes (and typeglobs) so there is no benefit to using it over a
regular tree of hashes. and with the regular tree you gain many things
including lexical scoping, OO, no action at a distance, no hard to find
bugs, etc.
so the camel hair comment was on target. there was no need to mung the
real symbol table in the OP's problem so showing a symref solution was a
poor answer. the OP may not know enough to realize that it is a bad
solution.
uri
--
Uri Guttman ------ uri@stemsystems.com -------- http://www.stemsystems.com
----- Stem and Perl Development, Systems Architecture, Design and Coding ----
Search or Offer Perl Jobs ---------------------------- http://jobs.perl.org
Damian Conway Perl Classes - January 2003 -- http://www.stemsystems.com/class
------------------------------
Date: 6 Apr 2001 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 6 Apr 01)
Message-Id: <null>
Administrivia:
The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc. For subscription or unsubscription requests, send
the single line:
subscribe perl-users
or:
unsubscribe perl-users
to almanac@ruby.oce.orst.edu.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.
For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V10 Issue 4411
***************************************