[23141] in Perl-Users-Digest
Perl-Users Digest, Issue: 5362 Volume: 10
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Thu Aug 14 18:12:15 2003
Date: Thu, 14 Aug 2003 15:10:13 -0700 (PDT)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Perl-Users Digest Thu, 14 Aug 2003 Volume: 10 Number: 5362
Today's topics:
Re: Problem with Net::AIM or Net::AOLIM through a firew <mfender9@mac.com>
Re: Question about "eval" security (Randal L. Schwartz)
Re: Question about "eval" security <erutiurf@web.de>
Re: Question about "eval" security (Randal L. Schwartz)
question about sigtrap! (Weirong Zhu)
single entry window with input being sent to 2..n xterm <robsjobs@hotmail.com>
sort multi-key hash by value and print out with key val (Antonio Quinonez)
Re: sort multi-key hash by value and print out with key <bharn_S_ish@te_P_chnologi_A_st._M_com>
Re: sort multi-key hash by value and print out with key <skuo@mtwhitney.nsc.com>
Re: strange error "Unsuccessful stat on filename " (Tad McClellan)
substr() as subroutine argument -> weird behaviour nobull@mail.com
Re: <bwalton@rochester.rr.com>
Digest Administrivia (Last modified: 6 Apr 01) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: Thu, 14 Aug 2003 12:42:55 -0700
From: Miles Fender <mfender9@mac.com>
Subject: Re: Problem with Net::AIM or Net::AOLIM through a firewall
Message-Id: <3F3BE63F.98452250@mac.com>
Nevermind - I managed to figure it out. I replaced the call to open the AIM socket
in Net::AOLIM with a call to Net::HTTPTunnel... works a treat!
Miles Fender wrote:
> Hi,
>
> I have a perl program that sends off emails when databases go down, and I've
> been charged with enhancing it so that it sends AOL Instant Messages too.
>
> I've got hold of Net::AIM and Net::AOLIM from cpan, both of which work
> fine from home, but they don't have proxy support. I need my program to run
> from the office, where we have a corporate firewall in place, so I need to
> use an HTTP proxy to connect to AOL.
>
> I'm not a network programmer, so my knowledge of sockets is next to nothing.
> Has anyone ever tried modifying Net::AIM or Net::AOLIM to support this? I
> tried taking a look at the proxy implementation in LWP to see if I could pull some
> code from there, but I can't really understand what it's doing.
>
> Apologies if this isn't clear - I'm still a beginner at this.
>
> Thanks,
>
> Miles
------------------------------
Date: Thu, 14 Aug 2003 07:54:45 GMT
From: merlyn@stonehenge.com (Randal L. Schwartz)
To: "H. Nakanishi" <hisao@physics.purdue.edu>
Subject: Re: Question about "eval" security
Message-Id: <9e8816a0f356f748bf645f7797d2d953@news.teranews.com>
>>>>> "H" == H Nakanishi <hisao@physics.purdue.edu> writes:
H> I wish to use "eval" on a user input but want to make sure security is not
H> compromised. What I want is just to allow variable interpolation but not any
H> executions. Would something like:
H> eval qq/"$userinput"/;
H> work? As far as I could test it, it seems to do the job (i.e., does evaluate
H> any valid variables in $userinput but refuse to execute any commands in it.
H> (If I take the double quotes out, then it would execute commands - which is
H> very bad. I want to make sure that this is OK as far as security.
No. It won't.
$userinput = '@{[system q{rm -rf /}]}';
The perlfaq contains many ways to perform variable interpolation
without eval. And if you're about to invent Yet Another Templating
Solution, PLEASE PLEASE consult and consider reusing one of the
existing 52 implementations instead.
print "Just another Perl hacker,"
--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
------------------------------
Date: Thu, 14 Aug 2003 21:57:34 +0200
From: Richard Voss <erutiurf@web.de>
Subject: Re: Question about "eval" security
Message-Id: <bhgpj9$llr$06$1@news.t-online.com>
H. Nakanishi wrote:
> I wish to use "eval" on a user input but want to make sure security is not
> compromised. What I want is just to allow variable interpolation but not any
> executions. Would something like:
>
Don't use eval, use something like
my %var = (
    'foo' => ...,
    'bar' => ...,
);
$userinput =~ s[ \$ ( \w+ ) ][ $var{ $1 } ]xeg;
If you want it more sophisticated, use an existing template engine that allows
access to various datastructures, object methods, basic programming (conditional
statements, loops), e.g. Template Toolkit. search.cpan.org!
> eval qq/"$userinput"/;
$userinput = q{
removing all your files returned ". system('rm -r /') . ", thanks
};
oops, and there are _lots_ of ways to do that.
>
> work? As far as I could test it, it seems to do the job (i.e., does evaluate
> any valid variables in $userinput but refuse to execute any commands in it.
You should invest more effort into developing good tests :)
--
sub{use strict;local$@=sub{select($,,$,,$,,pop)};unshift@_,(45)x 24,split q=8==>
55.52.56.49.49.55.56.49.49.53;do{print map(chr,@_[0..(@_/2-1)]),"\r";$@->(1/6)=>
push@_=>shift}for@_,++$|}->(map{$_+=$_%2?-1:1}map ord,split//,'u!`onuids!Qdsm!'.
'i`bjds') #my email-address is reversed! <http://fruiture.de>
------------------------------
Date: Thu, 14 Aug 2003 08:48:30 GMT
From: merlyn@stonehenge.com (Randal L. Schwartz)
To: Richard Voss <erutiurf@web.de>
Subject: Re: Question about "eval" security
Message-Id: <d5588bf1fffea596eceedb4ce2080c6d@news.teranews.com>
>>>>> "Richard" == Richard Voss <erutiurf@web.de> writes:
Richard> Don't use eval, use something like
Richard> my %var = (
Richard> 'foo' => ...,
Richard> 'bar' => ...,
Richard> );
Richard> $userinput =~ s[ \$ ( \w+ ) ][ $var{ $1 } ]xeg;
You don't need the "e" there, and it becomes less scary, if you simply:
$userinput =~ s[ \$ ( \w+ ) ][$var{ $1 }]xg;
print "Just another Perl hacker,"
--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
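
Added example, not part of any post in this digest: the hash-lookup substitution suggested in the thread, run beside the eval construct from the original question on the same input. The names interpolate and unknown_names, the sample values, and the harmless counter payload are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Substitute $name tokens from an allowlist hash. No eval and no /e, so the
# template is only ever data. Names that are not in the hash stay literal.
sub interpolate {
    my ($template, $vars) = @_;
    return $template unless %$vars;
    my $names = join '|', map { quotemeta($_) } keys %$vars;
    # Single pass: substituted values are not rescanned for more tokens.
    (my $out = $template) =~ s/\$($names)\b/$vars->{$1}/g;
    return $out;
}

# Names a template references that are not on the allowlist (for logging).
sub unknown_names {
    my ($template, $vars) = @_;
    my %seen;
    return grep { !exists $vars->{$_} && !$seen{$_}++ }
           $template =~ /\$(\w+)/g;
}

our $executed = 0;                  # incremented only if embedded code runs
my $user = 'alice';                 # constructed sample values
my %var  = (user => $user, host => 'db01');

# Constructed input with the @{[ ... ]} shape from the thread, benign payload.
my $input = 'hello $user @{[ $main::executed++ ]}';

my $evaled = eval qq/"$input"/;     # the construct asked about in the thread
print "eval:        $evaled (embedded code ran: $executed)\n";

$executed = 0;
my $safe = interpolate($input, \%var);
print "interpolate: $safe (embedded code ran: $executed)\n";

my $tmpl = 'disk on $host owned by $owner';
print interpolate($tmpl, \%var), "\n";
print "not on allowlist: ", join(', ', unknown_names($tmpl, \%var)), "\n";
```

The eval line reports that the embedded expression ran; interpolate returns the same text with the @{[ ... ]} sequence left as inert characters.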
------------------------------
Date: 14 Aug 2003 11:08:20 -0700
From: weirong@capsl.udel.edu (Weirong Zhu)
Subject: question about sigtrap!
Message-Id: <b6ed8fb0.0308141008.7deb25cd@posting.google.com>
I have a perl script, the main body of which is a for loop. In each
iteration the script uses "system" to call an outside exe to do some work.
The whole script may run for a very long time. Sometimes, I want to use
Ctrl+C to terminate the script. However, when I use ctrl+c, I can only
terminate the child process invoked by system, the script itself is
still running. Then I have to open another term to kill the script by
its pid.
Then I try to use sigtrap to catch the ctrl+c (SIGINT).
use sigtrap qw(handler mysig_handler normal-signals);
sub mysig_handler {
    my ($sig) = @_;
    print "Caught a SIG$sig--shutting down\n";
    die "Terminated by user: $!\n";
}
However, when I use ctrl+c, I still only kill the child process
invoked by system; the script still continues running.
Are there any solutions?
Thanks very much!
Regards,
Weirong
------------------------------
Date: Thu, 14 Aug 2003 15:02:30 -0600
From: "Rob Petty" <robsjobs@hotmail.com>
Subject: single entry window with input being sent to 2..n xterms simultaneously
Message-Id: <GNS_a.51$RW5.27094@news.uswest.net>
I am using a Linux box as a fill-in for a Sun Cluster "cluster console" machine. The only thing I am missing is the ability to
open three windows:
1 is a small window like a Perl/Tk with a simple text input box.
2 are normal xterm windows
Each xterm window can have direct text input individually, but the kicker is that typing in the smaller window with just the text
box sends the text to both xterm windows at the same time. (One entry for configuration info and any other valid CLI command, two
outputs)
Anyone know of a simple way to do this? I have searched google, but the terms I am using bring up 14billion hits and none in the
top 20 pages are related in any way. I seem to remember a perl/tk hack to do this but don't know where.
Thanks in advance!
Rob
------------------------------
Date: 14 Aug 2003 11:18:06 -0700
From: antquinonez@yahoo.com (Antonio Quinonez)
Subject: sort multi-key hash by value and print out with key value pairs
Message-Id: <6f8c5d17.0308141018.18e6deaa@posting.google.com>
I am trying to sort hash elements with the following structure:
%hashname{$npanxx}{$node}{$plan} = cost
so that i get plans ordered by lowest to greatest cost, in the format
of:
$npanxx:: $node :: $plan :: cost
i have the solution for SET 1(see below), where the second key ($node)
completes the hash member and gives me back what i want. I just can't
solve for the higher order hash. any help would be appreciated. sample
data for SET 1 and SET 2 and code for SET 1 follows:
%RS = ();
###SET 1
$RS{206231}{SEA} = 1.2;
$RS{206231}{NYC} = 11.2;
$RS{206231}{LAX} = 4.2;
$RS{206231}{CHI} = 10.2;
$RS{206254}{SEA} = 3.2;
$RS{206254}{NYC} = 11.2;
$RS{206254}{LAX} = 20.2;
$RS{206254}{CHI} = 15.2;
####SET 2
$RS{202211}{SEA}{plan_intel} = .2;
$RS{202211}{NYC}{plan_athlon} = 2;
$RS{202211}{LAX}{plan_duron} = 3;
$RS{202211}{CHI}{plan_pentium} = 2.5;
$RS{202200}{SEA}{plan_intel} =200;
$RS{202200}{NYC}{plan_athlon} = 20;
$RS{202200}{LAX}{plan_duron} =50;
$RS{202200}{CHI}{plan_pentium} = 100;
#### CODE ###
print "works for SET 1\n";
foreach $npanxx (sort keys %RS){
    for $node (sort {$RS{$npanxx}{$a} <=> $RS{$npanxx}{$b}} keys %{
            $RS{$npanxx} }) {
        print "$npanxx :: $node :: $RS{$npanxx}{$node}\n";
    }
    print "\n";
}
------------------------------
Date: Thu, 14 Aug 2003 20:13:01 GMT
From: Brian Harnish <bharn_S_ish@te_P_chnologi_A_st._M_com>
Subject: Re: sort multi-key hash by value and print out with key value pairs
Message-Id: <pan.2003.08.14.20.13.31.225997@te_P_chnologi_A_st._M_com>
On Thu, 14 Aug 2003 11:18:06 -0700, Antonio Quinonez wrote:
> I am trying to sort hash elements with the following structure:
>
> %hashname{$npanxx}{$node}{$plan} = cost
>
> so that i get plans ordered by lowest to greatest cost, in the format
> of:
> $npanxx:: $node :: $plan :: cost
>
> i have the solution for SET 1(see below), where the second key ($node)
> completes the hash member and gives me back what i want. I just can't
> solve for the higher order hash. any help would be appreciated. sample
> data for SET 1 and SET 2 and code for SET 1 follows:
>
> %RS = ();
>
> ###SET 1
> $RS{206231}{SEA} = 1.2;
> $RS{206231}{NYC} = 11.2;
> $RS{206231}{LAX} = 4.2;
> $RS{206231}{CHI} = 10.2;
>
> $RS{206254}{SEA} = 3.2;
> $RS{206254}{NYC} = 11.2;
> $RS{206254}{LAX} = 20.2;
> $RS{206254}{CHI} = 15.2;
>
>
> ####SET 2
> $RS{202211}{SEA}{plan_intel} = .2;
> $RS{202211}{NYC}{plan_athlon} = 2;
> $RS{202211}{LAX}{plan_duron} = 3;
> $RS{202211}{CHI}{plan_pentium} = 2.5;
>
> $RS{202200}{SEA}{plan_intel} =200;
> $RS{202200}{NYC}{plan_athlon} = 20;
> $RS{202200}{LAX}{plan_duron} =50;
> $RS{202200}{CHI}{plan_pentium} = 100;
>
>
> #### CODE ###
> print "works for SET 1\n";
> foreach $npanxx (sort keys %RS){
> for $node (sort {$RS{$npanxx}{$a} <=> $RS{$npanxx}{$b}} keys %{
> $RS{$npanxx} }) {
> print "$npanxx :: $node :: $RS{$npanxx}{$node}\n";
> }
> print "\n";
> }
You were so close! You seemed to have the right idea, just needed to go
down 1 more level.
foreach my $npanxx (sort keys %RS) {
    foreach my $node (sort keys %{$RS{$npanxx}}) {
        # plans within each node, ordered by ascending cost
        foreach my $plan (sort { $RS{$npanxx}{$node}{$a} <=>
                                 $RS{$npanxx}{$node}{$b} }
                          keys %{$RS{$npanxx}{$node}}) {
            print join(" :: ", $npanxx, $node, $plan,
                       $RS{$npanxx}{$node}{$plan}), $/;
        }
    }
}
- Brian
------------------------------
Date: Thu, 14 Aug 2003 14:32:56 -0700
From: Steven Kuo <skuo@mtwhitney.nsc.com>
Subject: Re: sort multi-key hash by value and print out with key value pairs
Message-Id: <Pine.GSO.4.21.0308141428290.441-100000@mtwhitney.nsc.com>
On 14 Aug 2003, Antonio Quinonez wrote:
> I am trying to sort hash elements with the following structure:
>
> %hashname{$npanxx}{$node}{$plan} = cost
>
> so that i get plans ordered by lowest to greatest cost, in the format
> of:
> $npanxx:: $node :: $plan :: cost
>
> i have the solution for SET 1(see below), where the second key ($node)
> completes the hash member and gives me back what i want. I just can't
> solve for the higher order hash. any help would be appreciated. sample
> data for SET 1 and SET 2 and code for SET 1 follows:
>
> %RS = ();
>
> ###SET 1
> $RS{206231}{SEA} = 1.2;
> $RS{206231}{NYC} = 11.2;
> $RS{206231}{LAX} = 4.2;
> $RS{206231}{CHI} = 10.2;
>
> $RS{206254}{SEA} = 3.2;
> $RS{206254}{NYC} = 11.2;
> $RS{206254}{LAX} = 20.2;
> $RS{206254}{CHI} = 15.2;
>
>
> ####SET 2
> $RS{202211}{SEA}{plan_intel} = .2;
> $RS{202211}{NYC}{plan_athlon} = 2;
> $RS{202211}{LAX}{plan_duron} = 3;
> $RS{202211}{CHI}{plan_pentium} = 2.5;
>
> $RS{202200}{SEA}{plan_intel} =200;
> $RS{202200}{NYC}{plan_athlon} = 20;
> $RS{202200}{LAX}{plan_duron} =50;
> $RS{202200}{CHI}{plan_pentium} = 100;
>
>
> #### CODE ###
> print "works for SET 1\n";
> foreach $npanxx (sort keys %RS){
> for $node (sort {$RS{$npanxx}{$a} <=> $RS{$npanxx}{$b}} keys %{
> $RS{$npanxx} }) {
> print "$npanxx :: $node :: $RS{$npanxx}{$node}\n";
> }
> print "\n";
> }
>
Try:
my @values;
foreach my $npanxx (keys %RS) {
    foreach my $node (keys %{$RS{$npanxx}}) {
        foreach my $plan (keys %{$RS{$npanxx}{$node}}) {
            push @values, [$npanxx, $node, $plan, $RS{$npanxx}{$node}{$plan}];
        }
    }
}
print map { (join " :: ", @$_[0..3]) . "\n" }
    sort {$a->[3] <=> $b->[3]} @values;
--
Hope this helps,
Steven
------------------------------
Date: Thu, 14 Aug 2003 14:04:51 -0500
From: tadmc@augustmail.com (Tad McClellan)
Subject: Re: strange error "Unsuccessful stat on filename "
Message-Id: <slrnbjnnaj.7q8.tadmc@magna.augustmail.com>
Pitt <randy_chang@sohu.com> wrote:
> Unsuccessful stat on filename containing newline at
Did you look up that message in perldiag.pod?
=item Unsuccessful %s on filename containing newline
(W newline) A file operation was attempted on a filename, and that
operation failed, PROBABLY because the filename contained a newline,
PROBABLY because you forgot to chomp() it off. See L<perlfunc/chomp>.
--
Tad McClellan SGML consulting
tadmc@augustmail.com Perl programming
Fort Worth, Texas
------------------------------
Date: 14 Aug 2003 11:19:41 -0700
From: nobull@mail.com
Subject: substr() as subroutine argument -> weird behaviour
Message-Id: <4dafc536.0308141019.3af05a49@posting.google.com>
Earlier today, in comp.lang.perl, I <nobull@mail.com> wrote:
> This newsgroup does not exist (see FAQ). Please do not start threads
> here. Particularly, not ones asking really interesting questions since
> it means most people don't get a chance to see them.
On reflection, since the question was really interesting I've decided
to follow-up myself and cross-post to comp.lang.perl.misc where people
using correctly configured newsspools will be able to see it.
> jimdawson@myrealbox.com (Jim Dawson) wrote:
>
> > my @list = ("field1 field2 field3");
> >
> > sub stripws($)
> > {
> > $_[0] =~ s/\s//g;
> > return $_[0];
> > }
> >
> > foreach (@list)
> > {
> > my $x = stripws(substr($_,10,10));
> > print "$x\n";
> > }
>
> > You would expect $x to be equal to 'field2',
>
> No I wouldn't.
>
> > but instead $x is 'field2fiel'
>
> Yep, that is correct.
>
> > Is there something I am missing here or is this a bug?
>
> Excellent question!
>
> You are missing two totally separate things.
>
> The first is pretty basic. The elements of @_ are *aliases* not
> *copies* of the arguments passed to a subroutine.
>
> sub foo { $_[0] = 'Cooked' };
> my $q='Raw';
> foo($q);
> print "$q\n"; # Prints 'Cooked'
>
> The second is much more subtle. The substr() function in Perl does
> not, in fact, return a string. It returns a special thing - an SV
> with substr magic. Usually if you use substr() in a rvalue context
> you can ignore this subtlety.
>
> But if you make a reference or an alias to the value returned by
> substr() you cannot ignore it or, as you have found, strange things
> happen.
>
> my $s='xxxxxxxxxxxxxxxxxxxxxxxxxxxxx';
> my $x = \substr($s,10,10); # Ref to SV with substr magic
> $s = '0123456789Wierd, eh??';
> print "$$x\n"; # Prints 'Wierd, eh?';
> $$x= 'Just totally crazy';
> print "$s\n"; # Prints '0123456789Just totally crazy?'
>
> $s = "field1 field2 field3";
> $$x =~ s/\s//g;
> print "$$x\n"; # Prints 'field2fiel'
>
> Weird, but not a bug.
------------------------------
Date: Sat, 19 Jul 2003 01:59:56 GMT
From: Bob Walton <bwalton@rochester.rr.com>
Subject: Re:
Message-Id: <3F18A600.3040306@rochester.rr.com>
Ron wrote:
> Tried this code get a server 500 error.
>
> Anyone know what's wrong with it?
>
> if $DayName eq "Select a Day" or $RouteName eq "Select A Route") {
(---^
> dienice("Please use the back button on your browser to fill out the Day
> & Route fields.");
> }
...
> Ron
...
--
Bob Walton
------------------------------
Date: 6 Apr 2001 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 6 Apr 01)
Message-Id: <null>
Administrivia:
The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc. For subscription or unsubscription requests, send
the single line:
subscribe perl-users
or:
unsubscribe perl-users
to almanac@ruby.oce.orst.edu.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.
For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V10 Issue 5362
***************************************