[23478] in Perl-Users-Digest
Perl-Users Digest, Issue: 5692 Volume: 10
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Tue Oct 21 18:05:48 2003
Date: Tue, 21 Oct 2003 15:05:09 -0700 (PDT)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Perl-Users Digest Tue, 21 Oct 2003 Volume: 10 Number: 5692
Today's topics:
-w <bmb@ginger.libs.uga.edu>
Re: -w <usenet@expires12.2003.tinita.de>
Re: commands, which is better <news@tedd.konge.net>
Re: Help me with is code <syscjm@gwu.edu>
Re: How do I make a standalone WIN32 executable from Pe <matt.NOyurekSP@AMwebloyalty.THANKScom>
Re: Installing DBD::Sybase on MAC <mpeppler@peppler.org>
Re: line to array convertion <bmb@ginger.libs.uga.edu>
Re: my first perl script! <pasdespam_desmond@zeouane.org>
Re: Old CGI scripts do not work under Mandrake 9.1 <ethan@draupnir.gso.saic.com>
Re: performance arrays vs hashes <Wolfgang_.fischer@lycos.de>
Re: performance arrays vs hashes <news@tedd.konge.net>
Re: Perl on AS400 (Joe Halbrook)
PGP in perl? (Susan Foster)
Re: Quick Perl question <michael.p.broida@boeing_oops.com>
Regular expressions when searching for string containin (Joe Halbrook)
Re: Regular expressions when searching for string conta <news@tedd.konge.net>
Re: Rookie: Constructing a large SQL INSERT statement <barbr-en@online.no>
Re: some help (James E Keenan)
Taint - having some real trouble here, taint/perl exper (Ben)
Re: Taint - having some real trouble here, taint/perl e <asu1@c-o-r-n-e-l-l.edu>
Re: Taint - having some real trouble here, taint/perl e <ddunham@redwood.taos.com>
Re: Taint - having some real trouble here, taint/perl e <flavell@ph.gla.ac.uk>
Digest Administrivia (Last modified: 6 Apr 01) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: Tue, 21 Oct 2003 16:32:16 -0400
From: Brad Baxter <bmb@ginger.libs.uga.edu>
Subject: -w
Message-Id: <Pine.A41.4.58.0310211627160.15228@ginger.libs.uga.edu>
One of Abigail's signature lines:
perl -swleprint -- -_=Just\ another\ Perl\ Hacker
This one I actually got. Except for the '-w' part. Does -w serve a
specific function in this case over and above its usual one? Just a case
of an inquiring mind ...
Regards,
Brad
------------------------------
Date: 21 Oct 2003 21:01:01 GMT
From: Tina Mueller <usenet@expires12.2003.tinita.de>
Subject: Re: -w
Message-Id: <bn46qc$stk9a$1@ID-24002.news.uni-berlin.de>
Brad Baxter wrote:
> One of Abigail's signature lines:
> perl -swleprint -- -_=Just\ another\ Perl\ Hacker
> This one I actually got. Except for the '-w' part. Does -w serve a
> specific function in this case over and above its usual one? Just a case
> of an inquiring mind ...
i would translate it as: "look, it's also warnings-safe!"
--
http://www.tinita.de/ \ enter__| |__the___ _ _ ___
http://Movies.tinita.de/ \ / _` / _ \/ _ \ '_(_-< of
http://www.perlquotes.de/ \ \ _,_\ __/\ __/_| /__/ perception
-my address is currently unreachable due to the Swen.A virus-
------------------------------
Date: Tue, 21 Oct 2003 22:03:10 +0200
From: "Tedd Hansen" <news@tedd.konge.net>
Subject: Re: commands, which is better
Message-Id: <3f959161$1@news.broadpark.no>
Using the first one, Perl receives data directly and you process it line by
line.
Using the second method will give the OS (and Perl) a chance to buffer data
and write chunks to your variable.
The first example;
+ You can analyze data as it arrives
+ You can terminate the application at any time using close()
- Using the usual "while <>" eats much CPU, so not so good when receiving
big amounts of data that isn't meant for line-by-linbe processing (my
theory)
+ You can use (binmode() and) sysread() to simulate the second example
+ Lets you pipe data TO the command (| command)
The second example;
- Your application blocks until the command you are running terminates (can
be bypassed by alarm())
- You can't terminate the command you are running (unless you trace it's
PID)
- You must write your own process-line-by-line-code if required
- If the command returns loads of data, it eats up memory
+ Takes up less CPU in some cases where you don't want to process the
feedback line by line (my theory)
Also consider the more secure (in form of argument parsing):
system($cmd, $param1, $param2, @params)
and related
exec()
open(FH, "|-") (fork perl with a filehandle piped to STDINPUT and STDOUTPUT
of the child)
Remember when executing commands that a fork is actually a fork followed by
a complete overwrite of the program's code. This means that on operating
systems where Perl has problems with forking and signaling you need to
consider this. There are some simple workarounds, the most famous;
sub REAPER {
$waitedpid = wait;
}
$SIG{CHLD} = \&REAPER;
# Now execute commands or fork or something
"Robert Wallace" <robertw@nospam.acm.org> wrote in message
news:3F95465A.1C912A48@nospam.acm.org...
> i'm trying to run a system command like ls,dir,ping,uptime, etc...
>
> I tried the following two methods. both works. both produce the same
> output.
> is there a difference? is there a situation where I would use one over
> the other?
> I guess the open allows me to do more on-the-fly stuff.
> what else?
>
>
>
> # this one ##########################################################
> open (SYS, "/temp/uptime.exe |");
> while($the_sys = <SYS>){
> $the_sys =~ s/\015\012/<br>\015\012/g;
> print $the_sys . "<br>\n";
> }
> close (SYS);
>
>
> # and this one
> ##########################################################
> $sys=`/temp/uptime.exe`;
> $sys=~s/\015\012/<br>\015\012/g;
> print $sys;
------------------------------
Date: Tue, 21 Oct 2003 15:18:18 -0400
From: Chris Mattern <syscjm@gwu.edu>
Subject: Re: Help me with is code
Message-Id: <3F95867A.2090903@gwu.edu>
Tad McClellan wrote:
> Chris Mattern <syscjm@gwu.edu> wrote:
>
>>Public Interest wrote:
>
>
>>>>>I can put whatever address here.
>>>>
> ^^^^^^^^^^^^^^^^
> ^^^^^^^^^^^^^^^^
>
>
>>>Do you expect anyone to post a real email here to receive spams?
>>
>>Tad does.
>
>
>
> No I don't.
>
> I expect that a munged address will *look* munged so people do not
> waste time trying to reply via email.
>
I failed to express myself clearly. I meant simply that you post
without a munged email address, as I do.
Chris Mattern
------------------------------
Date: Tue, 21 Oct 2003 18:54:12 GMT
From: "Matt Yurek" <matt.NOyurekSP@AMwebloyalty.THANKScom>
Subject: Re: How do I make a standalone WIN32 executable from Perl?
Message-Id: <ohflb.22459$6j.2093670@news4.srv.hcvlny.cv.net>
"Jeff W" <perlnews@kwcpa.com> wrote in message
news:YNGdnbOgHIvevA6iRVn-jA@comcast.com...
> thanks James - I think you are saying I should run unix perl under
> cygwin and use the perlcc provided with that perl. Will that really
> give me a WIN executable?
On Windows, I use Perl2Exe from Indigostar. Works like a charm.
http://www.indigostar.com/perl2exe.htm
------------------------------
Date: Tue, 21 Oct 2003 11:08:50 -0700
From: "Michael Peppler" <mpeppler@peppler.org>
Subject: Re: Installing DBD::Sybase on MAC
Message-Id: <pan.2003.10.21.18.08.49.264815@peppler.org>
On Sun, 19 Oct 2003 22:51:51 -0700, Vijoy Varghese wrote:
> Hello Group,
>
> I want to access a MSSQL database(on WIN-NT) from my MAC.
> After some googling I found that for this I have to install
> DBD:Sybase. But before that I need to install the 'Sybase OpenClient
> Libraries' and then edit the SYBASE variablein CONFIG file of
> DBD:Sybase installation so that it points to the 'Sybase OpenClient
> Libraries'.
> So first of all I had to install the OpenClient libraries, for this
> after some googling i found that I can get it from
> http://linux.sybase.com. But with my little knowledge about Sybase, I
> was lost in that webpage and confused about what to download.
>
> Then again some googling and found this link
> http://www.linuxgazette.com/issue18/sybase.html, even though it is a
> bit aged page(most links are broken), I got the name
> 'ctlib-linux-elf.tar.gz'.
First, Sybase's OpenClient package doesn't work with MS-SQL 7.x or 2K.
Second, how could the *linux* version of OpenClient ever work on your
MacOSX box??? The underlying architecture is completely different!
Anyway - you should look at FreeTDS (http://www.freetds.org/) for a
library that will allow you to access MS-SQL from your MacOSX box.
Michael
--
Michael Peppler Data Migrations, Inc.
mpeppler@peppler.org http://www.mbay.net/~mpeppler
Sybase T-SQL/OpenClient/OpenServer/C/Perl developer available for short or
long term contract positions - http://www.mbay.net/~mpeppler/resume.html
------------------------------
Date: Tue, 21 Oct 2003 17:36:55 -0400
From: Brad Baxter <bmb@ginger.libs.uga.edu>
Subject: Re: line to array convertion
Message-Id: <Pine.A41.4.58.0310211734090.15228@ginger.libs.uga.edu>
arctan wrote:
> so if file looked like:
>
> tokpsf
>
> Then after script Id get:
>
> t
> o
> k
> p
> s
> f
perl -F// -ape '$"="\n";$_="@F"'
Regards,
Brad
------------------------------
Date: Tue, 21 Oct 2003 20:40:13 +0200
From: Desmond Coughlan <pasdespam_desmond@zeouane.org>
Subject: Re: my first perl script!
Message-Id: <c5bg61-t2i.ln1@zeouane.org>
le 20 Oct 2003 10:54:00 GMT, dans l'article <bn0es8$n7i$1@nets3.rz.RWTH-Aachen.DE>, Tassilo v. Parseval <tassilo.parseval@rwth-aachen.de> a dit ...
>>> I just started to learn perl and wrote my first program today
>> Just as a matter of interest..how long have you been doing Perl ? I ask
>> because I've been working with some Perl books and online tutorials for
>> about three months, now (on and off, admittedly, as I have other
>> priorities), and I can _just about_ understand 'hello world!'
>>
>> So if you tell me you started last week, I'm going to be _very_ depressed.
> Maybe he just started this morning. ;-)
>
> Anyway, those figures can't be sensibly compared. It depends on one's
> background for instance. Someone being familiar with programming, is
> likely to pick up Perl more quickly than someone who's not. On the other
> hand, sometimes prior knowledge can be in the way. A Java programmer
> might though understand the concepts but could have an inner reluctancy
> to accept them which could slow down his learning process.
Does writing space invaders on a ZX81 count ? :-)
> Anyway, keep reading this group...you'll learn by osmosis (things
> sneaking secretely into your mind). If not already done, you could also
> subscribe to the beginners@perl.org mailing-list which usually have
> discussions on a gentler level.
Yep, already subscribed...very helpful list. Actually, I was exaggerating
a bit: I can do filehandles, if-then-elseif, operators like '.' and 'x',
etc.
I have _great_ difficulty in remembering regex, but that will come with
time. :-)
--
Desmond Coughlan |desmond [at] zeouane [dot] org
http://www.zeouane.org/
------------------------------
Date: 21 Oct 2003 11:58:09 -0700
From: Ethan Brown <ethan@draupnir.gso.saic.com>
Subject: Re: Old CGI scripts do not work under Mandrake 9.1
Message-Id: <vrsmlmv2ny.fsf@draupnir.gso.saic.com>
>>>>> "Ceri" == Ceri Hankey <cerih@exportlink.ch> writes:
Ceri> Hi,
Ceri> I have a few CGI scripts that worked fine under mandrake 8.1 and apache
Ceri> 1.3.?, but having UPGRADED (ie not a new installation) to Mandrake 9.1
Ceri> and Apache 2.0, I keep on getting a 'file not found' error whwn I run
Ceri> the scripts - in var/log/httpd/error22.log.
Ceri> The CGI scripts appear to work fine when called via 'perl -d
Ceri> scriptname', but fail when called via a Web page.
Ceri> What has changed in Mandrake 9.1 vs 8.1? Is it Perl or Apache? and where?
Ceri> regards,
Ceri> Ceri Hankey
Hi Ceri--
As a fellow "victim" of updating my Mandrake box, I found that some
scripts were having problems because they started with
#!/usr/local/bin/perl
and the later Mandrake versions have perl at
#!/usr/bin/perl
Try running your scripts from the command-line instead of through the
webserver and see if that helps to identify the problem.
--Ethan Brown
--Keyboards: "The Fabulous Pelicans" (www.pelicans.com)
--In a band? Use http://www.WheresTheGig.com for free.
------------------------------
Date: Tue, 21 Oct 2003 21:51:58 +0200
From: Wolfgang Fischer <Wolfgang_.fischer@lycos.de>
Subject: Re: performance arrays vs hashes
Message-Id: <pan.2003.10.21.19.51.57.272362@lycos.de>
On Tue, 21 Oct 2003 14:23:57 +0000, Bernard El-Hagin wrote:
> sctommi@gmx.net (Thomas) wrote in
> news:5a1109df.0310210608.4d46b69d@posting.google.com:
>
>> hi,
>>
>> i dont know enough of perl to describe,
>> using hashes is better than using arrays...(or isnt so ?)
>
>
> You can't really say that using hashes is better than using arrays. It
> depends on what you want to do. What *do* you want to do?
>
>
> Basically, using hashes is better when a hash is what you need. Using an
> array is better when an array is what you need. That's all there's to it.
> Read about both in
>
>
> perldoc perlvar
perldoc perlvar describes the predefined variables. perldoc perldata
describes the different variable types.
>
>
> And tell us what you're trying to accomplish and maybe we can help you
> decide what to use.
>
>
> Cheers,
> Bernard
------------------------------
Date: Tue, 21 Oct 2003 22:14:12 +0200
From: "Tedd Hansen" <news@tedd.konge.net>
Subject: Re: performance arrays vs hashes
Message-Id: <3f9593f7$1@news.broadpark.no>
Sometimes this is true, sometimes it is not...
As the other postings said, comparing two datatypes isn't that easy. All for
it's use.
But that aside;
Often when you are working with large amounts of elements and don't know
their exact position in the array you need to find them. This often includes
searching them one by one. In this case if you where using hashes you'd find
them right away (search algorithms that uses WAY less CPU than searching the
elements one by one). (There are other advantages as well, the most obvious;
hashes are (key1->data1,key2->data2) while arrays are (data1, data2))
Hovewer, using hashes you loose the order they where added. Hashes rely on
putting the data "where it fits", for fast retrival. (Kind of like filing
"Abraham" under "A") So hashes is useless if you depend on a certain order
in things, unless you use the hash data.
There are many other things to consider, it's probably best if you read up
on perl datatypes... :)
http://www.perldoc.com/perl5.6/pod/perldata.html
- Tedd
"Thomas" <sctommi@gmx.net> wrote in message
news:5a1109df.0310210608.4d46b69d@posting.google.com...
> hi,
>
> i dont know enough of perl to describe,
> using hashes is better than using arrays...(or isnt so ?)
> i dont know how to ask some 'google' machine for this kind of question,
> but i hope we have some "perl guru's" here, whose like to answer
>
> best regards
> Thomas
------------------------------
Date: 21 Oct 2003 13:14:19 -0700
From: halbrook@keitzer.com (Joe Halbrook)
Subject: Re: Perl on AS400
Message-Id: <3268a75d.0310211214.12d00ca3@posting.google.com>
I'd love to know what is required to install Perl (and Perl
modules) on an AS400. I know you have to manipulate the HTTP Server,
as well. I've used Perl on UNIX/Linux, but not on the AS400. I've
been developing on the AS400 (in RPG) since it hit the market.
Joe Halbrook
------------------------------
Date: 21 Oct 2003 12:02:53 -0700
From: susan_foster@rinkworks.com (Susan Foster)
Subject: PGP in perl?
Message-Id: <8b231359.0310211102.36e78587@posting.google.com>
I've been scanning several of the previous posts to this group, and
have tried several methods, but I have been unsuccessful in all my
attempts to be able to PGP encrypt a file from a .pl.
First try was by using PGPSimple - before I go any further, I'll
mention that I am running this program on a Linux box (shouldn't make
a difference, but thought I would say it to be complete). Anyway, I
basically took the CPAN man page example, set them with my settings,
and tried to encrypt. After many adjustments, I have had the program
run - but received no output. Below is what I have set (with
strategic changes for privacy, of course):
use Crypt::PGPSimple;
my $pgp_config_files = "~/.pgp";
my $pgp_version = "6.5.8";
my $pgp_path = "/usr/bin/pgp";
my $pgp_temp_file_path="/tmp/";
$ENV{"PGPPATH"} = $pgp_config_files;
my ($objPGP) = new Crypt::PGPSimple;
$objPGP->Version($pgp_version);
$objPGP->PgpExePath($pgp_path);
$objPGP->PgpKeyPath("$pgp_config_files");
$objPGP->PgpTempDir($pgp_temp_file_path);
my $pgp_public_key_user_id="blah\@blah.com";
my $output_file = "$outfile" . ".pgp";
my $plain_text_message = `cat $outfile`;
$objPGP->PublicKey($pgp_public_key_user_id);
$objPGP->PlainText($plain_text_message);
$objPGP->Encrypt;
my $encrypted_message = $objPGP->EncryptedText;
print "Message:$encrypted_message\n";
The program runs, but nothing comes out of the encryption - I don't
get anything at all.
I also tried an example from this group, which uses open2 - it seems
to use options that are not valid for my version of PGP, and I can't
figure out what are the comparable options in my version.
I hate to be vague - if I need to give more detail, please let me know
- I'd love to get any sort of help - I've been bashing my head over
this for 2 days!
Susan
------------------------------
Date: Mon, 20 Oct 2003 22:45:01 GMT
From: "Michael P. Broida" <michael.p.broida@boeing_oops.com>
Subject: Re: Quick Perl question
Message-Id: <3F94656D.CF963ECE@boeing_oops.com>
Anand wrote:
>
> I tried this but doesn't work. Could you please tell me where is glitch.
> --
> #!/usr/bin/perl
>
> (fork() || die "Cannot fork: $!") && exit;
>
> $num = "12345";
> $res = substr ($num, 0, 3);
> print "$res\n";
> --
1) How "doesn't work"??? What DOES it do? Error messages?
Does it get to the "print" statement? Did you use
"use strict" and "use warnings"?
2) You didn't do what Abigail told you to do. (I don't know if
Abigail was right or wrong, but ... <grin>) You used
parens on the "fork" statement; Abigail did not. Does
it work without the parens?? Abigail also used "//" where
you have "||"; I don't know if that was a typo or not,
but I suspect it was.
3) Top posting doesn't bother me, but many of the real gurus
here dislike it enough to not help topposters. So don't
top post if you want to get quality (better than mine
<grin>) help.
Mike
------------------------------
Date: 21 Oct 2003 11:51:43 -0700
From: halbrook@keitzer.com (Joe Halbrook)
Subject: Regular expressions when searching for string containing brackets or parans ..
Message-Id: <3268a75d.0310211051.7ba600a0@posting.google.com>
I am trying to search a string that may contain brackets or parenthesis.
Could someone suggest a way to do this such that the seacrh will not
fail, when the string search does contain the special character, i.e.
if ($searchstring =~ /$_/i) {
when $searchstring and $_ may contain a string with a [, ], (, or ) character?
Much thanks, in advance.
Joe Halbrook
------------------------------
Date: Tue, 21 Oct 2003 21:41:35 +0200
From: "Tedd Hansen" <news@tedd.konge.net>
Subject: Re: Regular expressions when searching for string containing brackets or parans ..
Message-Id: <3f958c52$1@news.broadpark.no>
From the manual;
if ($searchstring =~ /\Q$_\E/i) {
it quotes the string correctly before processing the regex
- Tedd
"Joe Halbrook" <halbrook@keitzer.com> wrote in message
news:3268a75d.0310211051.7ba600a0@posting.google.com...
> I am trying to search a string that may contain brackets or parenthesis.
> Could someone suggest a way to do this such that the seacrh will not
> fail, when the string search does contain the special character, i.e.
>
> if ($searchstring =~ /$_/i) {
>
> when $searchstring and $_ may contain a string with a [, ], (, or )
character?
>
> Much thanks, in advance.
>
> Joe Halbrook
------------------------------
Date: Tue, 21 Oct 2003 23:16:47 +0200
From: Kåre Olai Lindbach <barbr-en@online.no>
Subject: Re: Rookie: Constructing a large SQL INSERT statement
Message-Id: <218bpvcatefp2h8jcbb8itpnq8vij19rrm@4ax.com>
On Tue, 21 Oct 2003 00:54:44 +0200, Tore Aursand <tore@aursand.no>
wrote:
>On Mon, 20 Oct 2003 09:43:53 -0700, nobull wrote:
>>> $stInsert->finish();
>
>> Unnecessarly calling finish() on DBI statement handles is, IMHO, a bad
>> habit.
>
>Really? Hmm. I started using DBI about 5 years ago, and I remember
>having a problem with "something" which didn't go away until I added the
>call to those finish() methods.
According to dbi-docs is finish() meant to be used seldomly, and
"indicates that no more data will be _fetched_ from this statement
handle" (my _underline marking_). Usually only needed when one need to
end fetching a select-statement before all rows are fetched.
What I have had problem with is, when connected MS SQL-server,
without "AutoCommit", is that even select-statements need commit(),
while PostgreSQL and others only need this when executing
insert/upgrade and alike statements.
--
mvh/Regards
Kåre Olai Lindbach
------------------------------
Date: 21 Oct 2003 12:18:55 -0700
From: jkeen@concentric.net (James E Keenan)
Subject: Re: some help
Message-Id: <b955da04.0310211118.61662664@posting.google.com>
harteta@teleandina.net (Hernan) wrote in message news:<895432a7.0310210637.23ec43c8@posting.google.com>...
> > [snip]
> > > This formats repeat in every call, my problem comes when I try to fit
> > > all this 3 lines in one line (I can parse 1 string), the data in line
> > > 2 and 3 starts after "&".
> >
> Sorry, when I post this the format change
> this are 3 lines (first start whit N the second and third with " &")
>
>
> N 074 00 3534 A006028 10/16 09:19:36 00:07:24.0 A95214897
> & 000 000
> & 000
Okay, so now we know what the incoming data looks like? What elements
of this data do you wish to capture?
Whichever parts you wish to capture, if each incoming data record
consists of a multi-line string, to capture the parts you will
probably use a Perl regular expression which uses the '/s' modifier.
This allows the '.' wildcard to match the newline '\n' character and
hence permits matching over a multi-line string.
HTH
jimk
------------------------------
Date: 21 Oct 2003 13:11:24 -0700
From: 2stormts@nemontel.net (Ben)
Subject: Taint - having some real trouble here, taint/perl experts, please help
Message-Id: <5c8f38ff.0310211211.673eb1b1@posting.google.com>
I have a .PL script that is attempting to invoke an external command
once launched from a web page. The command takes quite a while to run
(could be hours), so it is important that it detach so the user can
come back later. The command generates result webpages elsewhere. This
command also takes some parameters. The environment is 100% secure,
non-internet connected intranet, there are NO security issues, so
please refrain from telling me how wonderful taint is and that I
should be using it, because in this case, it... taint so darned
wonderful, it's just a pain in the tush. :) I understand why I might
want taint under other circumstances, even most other circumstances...
It just doesn't apply here at all.
I'll explain everything I can think of:
Under perl 5 and redhat 6.0, this was no problem. Under perl 5.8.0 and
redhat 9, perl would not invoke the command, in a manner that leads me
to think it was a result of taint being on.
This creates the command string I want:
$cmd = "/usr/src/client/client $p1 $p1 $p3 $p4 &";
Then:
system($cmd);
...would invoke it under RH6 and P5.0, and all was well.
Now, under RH9 and P5.8 (or the apache perl module, which I suspect is
actually handling this), perl is acting like taint is on (I didn't
turn it on, and I can't find where it's turned on, more on that in a
bit.) So, as instructed in the perl faq, I attempt to un-taint the
variable:
$cmd =~ /(.*)/;
...then either:
$cmd = $1;
system($cmd);
...or
system($1);
...but neither one works - the command is not invoked. Still acts like
it is tainted.
This works (as indicated by the faq, because the command isn't coming
from a variable), but does not detach (is there a way to MAKE it
detach?):
system("/usr/src/client/client",$p1,$p2,$p3,$p4);
...because it does not detach, the perl script still hangs the web
page, the web page eventually times out, which also (sigh) stops the
command 'client' from executing for some reason.
This also times out and kills the web page AND the running command
'client':
exec("/usr/src/client/client",$p1,$p2,$p3,$p4);
exit;
Now, about taint apparently being on. The shebang line in my script is
vanilla, just says #!/usr/bin/perl
The /etc/httpd/conf.d/perl.conf file does NOT contain a command to
turn on taint, just commented out areas and the single lonely command:
LoadModule perl_module modules/perl.so
the /etc/httpd/conf/httpd.conf file contains no reference to perl at
all, other than a remark about pl being a language extension.
I am running in a non-secure server, and so httpd.conf is the place
where I would expect to find such a command (assuming it wasn't in
conf.d/perl.conf, of course.)
So I have these questions:
1) Is there a way I can un-taint the $cmd variable so I can run it
just this way:
$cmd = "/usr/src/client/client $p1 $p1 $p3 $p4 &";
#un-tainting magic supposedly like: $cmd =~ /(.*)/; $cmd = $1;)
system($cmd);
2) Why is taint on in the first place, since there is no -T flag, and
no command I can find to the webserver and hence to the embedded perl
interpreter?
As I mentioned at the start of this missive, this used to work fine on
an older system. The reason we're trying to move it to the newer
system is the newer system is one heck of a lot faster, and this is a
really compute-intensive process. I'm highly motivated, but equally
confused at this point. :(
I would really, really appreciate some insight into this. Thanks in
advance.
Ben
------------------------------
Date: 21 Oct 2003 20:21:50 GMT
From: "A. Sinan Unur" <asu1@c-o-r-n-e-l-l.edu>
Subject: Re: Taint - having some real trouble here, taint/perl experts, please help
Message-Id: <Xns941BA67685B38asu1cornelledu@132.236.56.8>
2stormts@nemontel.net (Ben) wrote in news:5c8f38ff.0310211211.673eb1b1
@posting.google.com:
> I have a .PL script that is attempting to invoke an external command
...
> Under perl 5 and redhat 6.0, this was no problem. Under perl 5.8.0 and
> redhat 9, perl would not invoke the command, in a manner that leads me
> to think it was a result of taint being on.
What is the error message?
Sinan.
------------------------------
Date: Tue, 21 Oct 2003 20:59:33 GMT
From: Darren Dunham <ddunham@redwood.taos.com>
Subject: Re: Taint - having some real trouble here, taint/perl experts, please help
Message-Id: <V6hlb.2509$wY3.1498@newssvr25.news.prodigy.com>
Ben <2stormts@nemontel.net> wrote:
> system($1);
> ...but neither one works - the command is not invoked. Still acts like
> it is tainted.
What leads you to think that it "acts like it is tainted"? What error
messages are you getting?
> This works (as indicated by the faq, because the command isn't coming
> from a variable), but does not detach (is there a way to MAKE it
> detach?):
> system("/usr/src/client/client",$p1,$p2,$p3,$p4);
No. Because this avoids the shell (the purpose), you can't tell the
shell to run it in the background.
More and more I begin to suspect that this isn't the result of tainting
at all...
However, if you want to "detach" it, either run it in a shell
explicitly..
("/usr/bin/sh","-c","/usr/src/client/client",$p1,$p2,$p3,$p4,&)
or fork/exec yourself.
unless (fork) # no error checking here..
{ # this is the child
exec("/usr/src/client/client",$p1,$p2,$p3,$p4);
}
# only parent reaches here...
> This also times out and kills the web page AND the running command
> 'client':
> exec("/usr/src/client/client",$p1,$p2,$p3,$p4);
> exit;
That exit line is never executed. The perdoc on exec will tell you
why. If you want to do that, use a fork as above.
> So I have these questions:
> 1) Is there a way I can un-taint the $cmd variable so I can run it
> just this way:
Why do you think it's tainted?
--
Darren Dunham ddunham@taos.com
Unix System Administrator Taos - The SysAdmin Company
Got some Dr Pepper? San Francisco, CA bay area
< This line left intentionally blank to confuse you. >
------------------------------
Date: Tue, 21 Oct 2003 22:29:30 +0100
From: "Alan J. Flavell" <flavell@ph.gla.ac.uk>
Subject: Re: Taint - having some real trouble here, taint/perl experts, please help
Message-Id: <Pine.LNX.4.53.0310212124160.9628@ppepc56.ph.gla.ac.uk>
On Tue, 21 Oct 2003, Ben wrote:
> I have a .PL script that is attempting to invoke an external command
> once launched from a web page.
Yeah, but your real trouble seems to be that you're woffling on about
generalities when it appears you might have a real problem, but with
some real problem symptoms that you haven't told us about.
Is it perhaps that you haven't found out how to get errors back from
your server-side process yet? That's something worth learning
(check CGI::Carp, fatals to browser, etc.)
> The command takes quite a while to run
> (could be hours), so it is important that it detach so the user can
> come back later.
OK: nothing that hasn't been discussed before - but this seems to
be a bit tangential to what's going wrong...
> I understand why I might
> want taint under other circumstances, even most other circumstances...
> It just doesn't apply here at all.
I think you're misguided. Taint can protect against *unintended*
nasty accidents as well as against deliberate misuse. I'd need much
more backing than what you've given here before I'd want to dispense
with it, and that's -assuming- a limited user base with generally good
intentions.
> This creates the command string I want:
>
> $cmd = "/usr/src/client/client $p1 $p1 $p3 $p4 &";
>
> Then:
>
> system($cmd);
You appear to be asking for shell expansion, which could potentially
be a problem. Maybe you want the multiple arguments form of system()
(oh, right, you do that later... but actually I think you'd really
want to fork() explicitly)
> Now, under RH9 and P5.8 (or the apache perl module, which I suspect is
> actually handling this),
You're using mod_perl ? (surely you wouldn't be using mod_perl
without being aware of it?)
> perl is acting like taint is on (I didn't
> turn it on, and I can't find where it's turned on, more on that in a
> bit.)
Not sure, but maybe you're looking for this
http://perl.apache.org/docs/1.0/guide/config.html#Taint_Checking
> So, as instructed in the perl faq, I attempt to un-taint the
> variable:
>
> $cmd =~ /(.*)/;
(thereby discarding any benefit you could have got from this useful
check), but don't forget that a number of aspects of the environment
are also taken into account in determining whether system() involves a
taint situation.
> ...but neither one works - the command is not invoked. Still acts like
> it is tainted.
You owe us some information on the error!!
> This works (as indicated by the faq, because the command isn't coming
> from a variable), but does not detach (is there a way to MAKE it
> detach?):
>
> system("/usr/src/client/client",$p1,$p2,$p3,$p4);
I think you're muddling up two things here. There's a standard way of
spawning off a disconnected long-running task in such a way that the
task that invoked it doesn't need to wait for it.
> ...because it does not detach, the perl script still hangs the web
> page, the web page eventually times out, which also (sigh) stops the
> command 'client' from executing for some reason.
Indeed.
I'm sure Randal's webtechiques have examples of this sort of thing.
> Now, about taint apparently being on. The shebang line in my script is
> vanilla, just says #!/usr/bin/perl
>
> The /etc/httpd/conf.d/perl.conf file does NOT contain a command to
> turn on taint, just commented out areas and the single lonely command:
For that kind of stuff you'd be better asking on a server
configuration group (after having duly consulted the relevant
documentation, of course), but if mod_perl is getting in your hair,
why not run a straight-up-and-down CGI script? If the task is going
to take hours, then the sub-second extra overhead of starting up CGI,
relative to using mod_perl, is neither here nor there, so if it
simplifies your life, why not go for it?
But I still would NOT counsel you to toss aside the benefits of taint
checking so lightly!
good luck
------------------------------
Date: 6 Apr 2001 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 6 Apr 01)
Message-Id: <null>
Administrivia:
The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc. For subscription or unsubscription requests, send
the single line:
subscribe perl-users
or:
unsubscribe perl-users
to almanac@ruby.oce.orst.edu.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.
For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V10 Issue 5692
***************************************
