[30857] in Perl-Users-Digest
Perl-Users Digest, Issue: 2102 Volume: 11
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Wed Jan 7 16:09:44 2009
Date: Wed, 7 Jan 2009 13:09:09 -0800 (PST)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Perl-Users Digest Wed, 7 Jan 2009 Volume: 11 Number: 2102
Today's topics:
Re: -1 ** 0 == -1 ??? <jack@home.net>
Re: -1 ** 0 == -1 ??? <nh@solenttechnology.co.uk>
Re: -1 ** 0 == -1 ??? <josef.moellers@fujitsu-siemens.com>
Re: -1 ** 0 == -1 ??? sln@netherlands.com
Re: -1 ** 0 == -1 ??? <someone@example.com>
Re: -1 ** 0 == -1 ??? <tadmc@seesig.invalid>
Re: force recursive source filtering <andrex@deadspam.com>
Re: Is there any IDE for perl? <ryan.mccoskrie@gmail.com>
new CPAN modules on Wed Jan 7 2009 (Randal Schwartz)
Re: Parsing a string into a hash <whynot@pozharski.name>
remote invocation for any user james.bruckmann@yahoo.com
Re: remote invocation for any user <tim@burlyhost.com>
Re: remote invocation for any user sln@netherlands.com
Re: remote invocation for any user james.bruckmann@yahoo.com
Re: remote invocation for any user james.bruckmann@yahoo.com
Digest Administrivia (Last modified: 6 Apr 01) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: Tue, 6 Jan 2009 23:07:12 -0700
From: "Jack D" <jack@home.net>
Subject: Re: -1 ** 0 == -1 ???
Message-Id: <49644680$0$5211$6c36adad@news.usenetserver.com>
"kj" <socyl@987jk.com.invalid> wrote in message
news:gju3b4$dfb$1@reader1.panix.com...
>
> I can't think of even the faintest justification for this:
>
> % perl -le 'print( -1 ** 0 )'
> -1
>
> Absolutely horrible! Perl just showed itself wholly unsuitable
> for any programming that involves numerical computation...
>
> Still in shock...
http://mathforum.org/library/drmath/view/55721.html
perl -le 'print ((-1)**0)'
------------------------------
Date: Wed, 7 Jan 2009 07:19:25 -0800 (PST)
From: neilsolent <nh@solenttechnology.co.uk>
Subject: Re: -1 ** 0 == -1 ???
Message-Id: <e64e834d-54d9-4da3-9842-cecb8bd2bc39@t39g2000prh.googlegroups.com>
Hang on ....
perl -le 'print (-1)**0'
-1
perl -e 'print ((-1)**0)'
1
So I don't this is working. Isn't the latter just giving the number of
elements in the list ?
Mathematically, (-1) to the power 0 should be 1. So the first should
return 1 as well.
What am I missing ?
------------------------------
Date: Wed, 07 Jan 2009 16:25:05 +0100
From: Josef Moellers <josef.moellers@fujitsu-siemens.com>
Subject: Re: -1 ** 0 == -1 ???
Message-Id: <gk2hfr$733$1@nntp.fujitsu-siemens.com>
neilsolent wrote:
> Hang on ....
>
> perl -le 'print (-1)**0'
> -1
>
> perl -e 'print ((-1)**0)'
> 1
>
> So I don't this is working. Isn't the latter just giving the number of
> elements in the list ?
> Mathematically, (-1) to the power 0 should be 1. So the first should
> return 1 as well.
>
> What am I missing ?
IIUC the first parses as "print(-1) ** 0" (blanks added for emphasis).
--
These are my personal views and not those of Fujitsu Siemens Computers!
Josef Möllers (Pinguinpfleger bei FSC)
If failure had no penalty success would not be a prize (T. Pratchett)
Company Details: http://www.fujitsu-siemens.com/imprint.html
------------------------------
Date: Wed, 07 Jan 2009 16:48:19 GMT
From: sln@netherlands.com
Subject: Re: -1 ** 0 == -1 ???
Message-Id: <l3n9m4lfhrg2pkg92c5l10iuu7no9dvut9@4ax.com>
On Wed, 7 Jan 2009 07:19:25 -0800 (PST), neilsolent <nh@solenttechnology.co.uk> wrote:
>
>Hang on ....
>
>perl -le 'print (-1)**0'
>-1
>
>perl -e 'print ((-1)**0)'
>1
>
>So I don't this is working. Isn't the latter just giving the number of
>elements in the list ?
>Mathematically, (-1) to the power 0 should be 1. So the first should
>return 1 as well.
>
>What am I missing ?
I ran this script a thousand times. Still the same results:
use strict;
use warnings;
my $fv1 = -1**0;
my $fv2 = (-1)**0;
print "$fv1 , $fv2 \n";
__END__
-1 , 1
------------------------------
Date: Wed, 07 Jan 2009 08:49:19 -0800
From: "John W. Krahn" <someone@example.com>
Subject: Re: -1 ** 0 == -1 ???
Message-Id: <h259l.66954$em5.23717@newsfe22.iad>
neilsolent wrote:
> Hang on ....
>
> perl -le 'print (-1)**0'
> -1
>
> perl -e 'print ((-1)**0)'
> 1
>
> So I don't this is working. Isn't the latter just giving the number of
> elements in the list ?
> Mathematically, (-1) to the power 0 should be 1. So the first should
> return 1 as well.
>
> What am I missing ?
Turn on warnings to find out:
$ perl -wle 'print (-1)**0'
print (...) interpreted as function at -e line 1.
Useless use of exponentiation (**) in void context at -e line 1.
-1
John
--
Those people who think they know everything are a great
annoyance to those of us who do. -- Isaac Asimov
------------------------------
Date: Wed, 7 Jan 2009 11:08:26 -0600
From: Tad J McClellan <tadmc@seesig.invalid>
Subject: Re: -1 ** 0 == -1 ???
Message-Id: <slrngm9oca.p9u.tadmc@tadmc30.sbcglobal.net>
John W. Krahn <someone@example.com> wrote:
> neilsolent wrote:
>> Hang on ....
>>
>> perl -le 'print (-1)**0'
>> -1
>>
>> perl -e 'print ((-1)**0)'
>> 1
>>
>> So I don't this is working. Isn't the latter just giving the number of
>> elements in the list ?
>> Mathematically, (-1) to the power 0 should be 1. So the first should
>> return 1 as well.
>>
>> What am I missing ?
>
> Turn on warnings to find out:
>
> $ perl -wle 'print (-1)**0'
> print (...) interpreted as function at -e line 1.
> Useless use of exponentiation (**) in void context at -e line 1.
> -1
And for the curious that would like more on this, it is covered
in the 3rd paragraph in:
perldoc perlfunc
--
Tad McClellan
email: perl -le "print scalar reverse qq/moc.noitatibaher\100cmdat/"
------------------------------
Date: Wed, 07 Jan 2009 13:50:51 GMT
From: Andrew Schulman <andrex@deadspam.com>
Subject: Re: force recursive source filtering
Message-Id: <5lb9m4dbad05alvh6dbo02rkta6qc50mlo@4ax.com>
> Do you want to apply the changes to code AND to data?
Yes, that is fine because the changes are quite specific.
> If not, then you need to parse to know whether it appears in code or in data.
Agreed that I don't want to parse. I wouldn't even know how to start.
> > It is a simple text filter, is it not? And
> > that's exactly what I want-- a textual filter that will make a small number of
> > well-defined, parameterized transformations on my code-- roughly speaking,
> >
> > s/string1/$ENV{A}/g
> >
> > No syntactical parsing is implied or desired.
>
>
> Perhaps you have not thought this through in enough detail...
>
> Let's say that $ENV{A} = 'foobar';
>
> You want all of these transformations then?
>
> process_string1($arg) ==> process_foobar($arg)
>
> process_string100($arg) ==> process_foobar00($arg)
>
> my $arg = 'string100' ==> my $arg = 'foobar00'
I'm aware that it can be hard to get these sorts of transformations right. I
accept responsibility for any resulting bugs, and promise not to sue, berate, or
even blame anyone except myself, nor to post any questions here resulting from
any code that's using source filtering.
> > Clearly I can modify my code to do this directly, but there are disadvantages to
> > that approach too, which are particular to my situation and which I won't go
> > into here.
>
> Then we will be unable to suggest how to work around them without
> resorting to the evil that is source code filtering.
That is okay. I know the alternatives and can weigh them here in the context of
our environment. But in order to do that I want to fully understand the source
filtering option, which is why I posted.
Thanks for your help so far. I do appreciate the stern warnings and will take
them to heart.
At this point I think it will be most useful for me to focus my question more
narrowly and try again in a new thread.
Thanks,
Andrew.
--
To reply by email, change "deadspam.com" to "alumni.utexas.net"
------------------------------
Date: Thu, 08 Jan 2009 00:05:38 +1300
From: Ryan McCoskrie <ryan.mccoskrie@gmail.com>
Subject: Re: Is there any IDE for perl?
Message-Id: <gk22ao$aqb$1@news.albasani.net>
mobile.parmenides@gmail.com wrote:
> Hi,
>
> My experience concerning the c programming tell me an IED is very
> important for coding and debugging.
You'll find here that many people have experience contrary to yours.
I've never met an IDE that doesn't push me around
and tell me to work the way that I don't want to.
On a *Nix system (preferably Linux or BSD) open the perl
script in your favourite editor* and have a terminal emulator
at the ready to run the script.
If you have a bigger project going with lots of modules
keep the file manager open to the directory you are using.
This is the wisdom of the environment perl came from.
Each program reliably does one thing very well.
That thing it does is very definite (e.g. editing text) but is useful
under many circumstances.
It does each thing well because it does so with as few features as
possible.
On windows it's much the same but the editor isn't pre-installed
and you'll be working with the command prompt instead of
a real terminal program.
MacOS makes it a pain to find the terminal.
Enjoy not having all your design decisions being made by you and
not someone in a ivory tower.
*When I say editor I mean something like the text editing field in an
IDE (including colour coding and auto indentation) on its own.
------------------------------------------------------------------------
Quote of the login:
The program isn't debugged until the last user is dead.
------------------------------
Date: Wed, 7 Jan 2009 05:42:25 GMT
From: merlyn@stonehenge.com (Randal Schwartz)
Subject: new CPAN modules on Wed Jan 7 2009
Message-Id: <KD36Ip.3I1@zorch.sf-bay.org>
The following modules have recently been added to or updated in the
Comprehensive Perl Archive Network (CPAN). You can install them using the
instructions in the 'perlmodinstall' page included with your Perl
distribution.
AnyEvent-4.331
http://search.cpan.org/~mlehmann/AnyEvent-4.331/
provide framework for multiple event loops
----
Audio-Ecasound-Multitrack-0.98
http://search.cpan.org/~ganglion/Audio-Ecasound-Multitrack-0.98/
Perl extensions for multitrack audio processing
----
Audio-MPD-Common-0.1.4
http://search.cpan.org/~jquelin/Audio-MPD-Common-0.1.4/
a bunch of common helper classes for mpd
----
BioPerl-1.5.9_2
http://search.cpan.org/~cjfields/BioPerl-1.5.9_2/
Loader for LiveSeq from EMBL entries with BioPerl
----
CGI-Application-Plugin-I18N-0.01
http://search.cpan.org/~cosmicnet/CGI-Application-Plugin-I18N-0.01/
I18N and L10N methods for CGI::App
----
CGI-Application-Plugin-I18N-0.01-withoutworldwriteables
http://search.cpan.org/~cosmicnet/CGI-Application-Plugin-I18N-0.01-withoutworldwriteables/
I18N and L10N methods for CGI::App
----
CGI-IDS-1.0105
http://search.cpan.org/~hinnerk/CGI-IDS-1.0105/
PerlIDS - Perl Website Intrusion Detection System (XSS, CSRF, SQLI, LFI etc.)
----
CPANPLUS-YACSmoke-0.30
http://search.cpan.org/~bingos/CPANPLUS-YACSmoke-0.30/
Yet Another CPANPLUS Smoke Tester
----
Catalyst-View-Seamstress-2.1_02
http://search.cpan.org/~draxil/Catalyst-View-Seamstress-2.1_02/
HTML::Seamstress View Class for Catalyst
----
Crypt-MatrixSSL-1.86.0
http://search.cpan.org/~cdrake/Crypt-MatrixSSL-1.86.0/
Perl extension for SSL and TLS using MatrixSSL.org
----
DBIx-Class-ForceUTF8-0.0.1
http://search.cpan.org/~thorikawa/DBIx-Class-ForceUTF8-0.0.1/
Force UTF8 (Unicode) flag on columns
----
DBIx-Class-ForceUTF8-0.0.2
http://search.cpan.org/~thorikawa/DBIx-Class-ForceUTF8-0.0.2/
Force UTF8 (Unicode) flag on columns
----
Devel-Pragma-0.20
http://search.cpan.org/~chocolate/Devel-Pragma-0.20/
helper functions for developers of lexical pragmas
----
Devel-Pragma-0.21
http://search.cpan.org/~chocolate/Devel-Pragma-0.21/
helper functions for developers of lexical pragmas
----
Devel-Pragma-0.22
http://search.cpan.org/~chocolate/Devel-Pragma-0.22/
helper functions for developers of lexical pragmas
----
Devel-Pragma-0.30
http://search.cpan.org/~chocolate/Devel-Pragma-0.30/
helper functions for developers of lexical pragmas
----
Devel-Pragma-0.31
http://search.cpan.org/~chocolate/Devel-Pragma-0.31/
helper functions for developers of lexical pragmas
----
FabForce-DBDesigner4-0.14
http://search.cpan.org/~reneeb/FabForce-DBDesigner4-0.14/
Parse/Analyse XML-Files created by DBDesigner 4 (FabForce)
----
Filter-Simple-0.84
http://search.cpan.org/~smueller/Filter-Simple-0.84/
Simplified source filtering
----
Finance-PremiumBonds-0.05
http://search.cpan.org/~bigpresh/Finance-PremiumBonds-0.05/
Perl extension to check Premium Bond holder's numbers
----
Font-TTF-Scripts-0.12
http://search.cpan.org/~mhosken/Font-TTF-Scripts-0.12/
Smart font script supporting modules and scripts for TTF/OTF
----
GBrowse-1.983
http://search.cpan.org/~lds/GBrowse-1.983/
----
GBrowse-1.984
http://search.cpan.org/~lds/GBrowse-1.984/
----
Image-ExifTool-7.60
http://search.cpan.org/~exiftool/Image-ExifTool-7.60/
Read and write meta information
----
LCFG-Build-Skeleton-0.0.10
http://search.cpan.org/~sjquinney/LCFG-Build-Skeleton-0.0.10/
LCFG software package generator
----
LCFG-Build-Tools-0.0.51
http://search.cpan.org/~sjquinney/LCFG-Build-Tools-0.0.51/
LCFG software release tools
----
MojoMojo-Formatter-Amazon-0.01
http://search.cpan.org/~mramberg/MojoMojo-Formatter-Amazon-0.01/
Include Amazon objects on your page.
----
MojoMojo-Formatter-RSS-0.01
http://search.cpan.org/~mramberg/MojoMojo-Formatter-RSS-0.01/
Include rss feeds on your page.
----
MouseX-ConfigFromFile-0.01
http://search.cpan.org/~masaki/MouseX-ConfigFromFile-0.01/
An abstract Mouse role for setting attributes from a configfile
----
MouseX-Getopt-0.01
http://search.cpan.org/~masaki/MouseX-Getopt-0.01/
A Mouse role for processing command line options
----
MouseX-Getopt-0.02
http://search.cpan.org/~masaki/MouseX-Getopt-0.02/
A Mouse role for processing command line options
----
MouseX-Types-Path-Class-0.01
http://search.cpan.org/~masaki/MouseX-Types-Path-Class-0.01/
A Path::Class type library for Mouse
----
MouseX-Types-Path-Class-0.02
http://search.cpan.org/~masaki/MouseX-Types-Path-Class-0.02/
A Path::Class type library for Mouse
----
Net-Domain-ExpireDate-0.94
http://search.cpan.org/~despair/Net-Domain-ExpireDate-0.94/
obtain expiration date of domain names
----
Net-Google-Code-0.01
http://search.cpan.org/~sunnavy/Net-Google-Code-0.01/
a simple client library for google code
----
Net-Server-Framework-1.0
http://search.cpan.org/~norbu/Net-Server-Framework-1.0/
a small framework arounf the famous Net::Server libs
----
NetPacket-0.41.1
http://search.cpan.org/~yanick/NetPacket-0.41.1/
modules to assemble/disassemble network packets at the protocol level.
----
PDF-Burst-1.12
http://search.cpan.org/~leocharre/PDF-Burst-1.12/
create one pdf doc for each page in existing pdf document
----
POE-Component-Client-MPD-0.9.1
http://search.cpan.org/~jquelin/POE-Component-Client-MPD-0.9.1/
a full-blown mpd client library
----
Padre-0.24
http://search.cpan.org/~szabgab/Padre-0.24/
Perl Application Development and Refactoring Environment
----
Padre-Plugin-Perl6-0.023
http://search.cpan.org/~azawawi/Padre-Plugin-Perl6-0.023/
Padre plugin for Perl6
----
Padre-Plugin-PerlTidy-0.04
http://search.cpan.org/~bricas/Padre-Plugin-PerlTidy-0.04/
Format perl files using Perl::Tidy
----
Spreadsheet-Read-0.32
http://search.cpan.org/~hmbrand/Spreadsheet-Read-0.32/
Read the data from a spreadsheet
----
Sys-Mmap-Simple-0.03_2
http://search.cpan.org/~leont/Sys-Mmap-Simple-0.03_2/
Memory mapping made simple and safe.
----
Test-NoTabs-0.6
http://search.cpan.org/~bobtfish/Test-NoTabs-0.6/
Check the presence of tabs in your project
----
Test-NoTabs-0.7
http://search.cpan.org/~bobtfish/Test-NoTabs-0.7/
Check the presence of tabs in your project
----
Tkx-FindBar-0.07
http://search.cpan.org/~mjcarman/Tkx-FindBar-0.07/
Perl Tkx extension for an incremental search toolbar
----
Tkx-ROText-0.01
http://search.cpan.org/~mjcarman/Tkx-ROText-0.01/
Read-only Tkx text widget.
----
Tkx-ROText-0.02
http://search.cpan.org/~mjcarman/Tkx-ROText-0.02/
Read-only Tkx text widget.
----
WebService-MusicBrainz-0.20
http://search.cpan.org/~bfaist/WebService-MusicBrainz-0.20/
----
XML-Atom-0.33
http://search.cpan.org/~miyagawa/XML-Atom-0.33/
Atom feed and API implementation
----
YAML-Tiny-1.36
http://search.cpan.org/~adamk/YAML-Tiny-1.36/
Read/Write YAML files with as little code as possible
----
mysubs-0.20
http://search.cpan.org/~chocolate/mysubs-0.20/
lexical subroutines
If you're an author of one of these modules, please submit a detailed
announcement to comp.lang.perl.announce, and we'll pass it along.
This message was generated by a Perl program described in my Linux
Magazine column, which can be found on-line (along with more than
200 other freely available past column articles) at
http://www.stonehenge.com/merlyn/LinuxMag/col82.html
print "Just another Perl hacker," # the original
--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc.
See http://methodsandmessages.vox.com/ for Smalltalk and Seaside discussion
------------------------------
Date: Tue, 06 Jan 2009 22:38:25 +0200
From: Eric Pozharski <whynot@pozharski.name>
Subject: Re: Parsing a string into a hash
Message-Id: <slrngm7gah.c63.whynot@orphan.zombinet>
On 2009-01-06, IanW <wibble@fakedomain.com> wrote:
> "John W. Krahn" <someone@example.com> wrote in message
> news:YMI8l.31931$Ac2.19325@newsfe01.iad...
*SKIP*
> .. AND you wanted to build a master hash so that the key is still the
> letters within the square brackets but the values go into sub-hashes.
> E.g: you would get a dump something like:
*SKIP*
> Can each individual string be parsed into %hash in one line? Perhaps this is
> where map comes in?
No, this is where C<qr/(?{})/> comes in (in case you're going to stay in
world of obfuscated regexps). F<perlre> has more.
*CUT*
--
Torvalds' goal for Linux is very simple: World Domination
Stallman's goal for GNU is even simpler: Freedom
------------------------------
Date: Wed, 7 Jan 2009 10:25:33 -0800 (PST)
From: james.bruckmann@yahoo.com
Subject: remote invocation for any user
Message-Id: <466c2329-3196-4d64-b870-db874c2e827c@q30g2000prq.googlegroups.com>
Hello perl gurus,
I have a big problem with the following program:
DCC.pl
...
$cmd = "ssh operator\@192.168.12.12 /usr/local/bin/CCD.pl $IP $user
\n";
system($cmd);
It works perfectly, for the operator user. It invokes on another box
the specified program CCD.pl with the correct parameters. Both boxes
are Sun running Solaris 8 and openssh. and I have ran ssh-keygen -t
rsa to generate pub and private keys and used these to enusre that ssh
works without a password.
The two parameters are entered by the user in a GUI over which I dont
have a lot of control.
The _big_ problem is that lots of different users need to log into the
GUI and this remote invocation only works for the operator user.
If you have an idea on a possible solution then please post it!!
TIA
James
------------------------------
Date: Wed, 07 Jan 2009 10:57:16 -0800
From: Tim Greer <tim@burlyhost.com>
Subject: Re: remote invocation for any user
Message-Id: <hW69l.88642$an4.5820@newsfe08.iad>
james.bruckmann@yahoo.com wrote:
> Hello perl gurus,
>
> I have a big problem with the following program:
> DCC.pl
> ...
> $cmd = "ssh operator\@192.168.12.12 /usr/local/bin/CCD.pl $IP $user
> \n";
> system($cmd);
>
> It works perfectly, for the operator user. It invokes on another box
> the specified program CCD.pl with the correct parameters. Both boxes
> are Sun running Solaris 8 and openssh. and I have ran ssh-keygen -t
> rsa to generate pub and private keys and used these to enusre that ssh
> works without a password.
>
> The two parameters are entered by the user in a GUI over which I dont
> have a lot of control.
>
> The _big_ problem is that lots of different users need to log into the
> GUI and this remote invocation only works for the operator user.
>
> If you have an idea on a possible solution then please post it!!
>
> TIA
>
> James
How is it failing for the other (non operator) users? Did you test this
from a non operator user's shell to rule out this being a Perl related
issue? Are you sure you don't want to enclose the command and
arguments in double quotes for the ssh call? Are you sure you want to
allow any user access to blindly pass a command over a trusted SSH key
to another server, where your code looks like it'll allow them to break
out of that command and pass other commands and arguments? I.e.,
"/pah/to/program argument; /bin/rm -rf /" (as an example). I hope
you're doing some sanity and security checks if you are going to let
just anyone enter commands and arguments.
--
Tim Greer, CEO/Founder/CTO, BurlyHost.com, Inc.
Shared Hosting, Reseller Hosting, Dedicated & Semi-Dedicated servers
and Custom Hosting. 24/7 support, 30 day guarantee, secure servers.
Industry's most experienced staff! -- Web Hosting With Muscle!
------------------------------
Date: Wed, 07 Jan 2009 20:32:06 GMT
From: sln@netherlands.com
Subject: Re: remote invocation for any user
Message-Id: <2s3am41pl6s7mgpcms1nsodvqhv34nra12@4ax.com>
On Wed, 7 Jan 2009 10:25:33 -0800 (PST), james.bruckmann@yahoo.com wrote:
>Hello perl gurus,
>
>I have a big problem with the following program:
>DCC.pl
>...
>$cmd = "ssh operator\@192.168.12.12 /usr/local/bin/CCD.pl $IP $user
>\n";
>system($cmd);
>
>It works perfectly, for the operator user. It invokes on another box
>the specified program CCD.pl with the correct parameters. Both boxes
>are Sun running Solaris 8 and openssh. and I have ran ssh-keygen -t
>rsa to generate pub and private keys and used these to enusre that ssh
>works without a password.
>
>The two parameters are entered by the user in a GUI over which I dont
>have a lot of control.
>
>The _big_ problem is that lots of different users need to log into the
>GUI and this remote invocation only works for the operator user.
>
>If you have an idea on a possible solution then please post it!!
>
>TIA
>
>James
I'm not a Linux user so this is just speculation.
Are you saying different people log onto your box and use the same
DCC.pl script?
Would you have to generate rsa keys for those users and then
change to: $cmd = "ssh $user\@192.168.12.12 /usr/local/bin/CCD.pl $IP $user";
http://news.softpedia.com/news/How-to-Use-RSA-Key-for-SSH-Authentication-38599.shtml
Not sure.
sln
------------------------------
Date: Wed, 7 Jan 2009 12:41:24 -0800 (PST)
From: james.bruckmann@yahoo.com
Subject: Re: remote invocation for any user
Message-Id: <5135f012-c4d7-42ed-ad8f-433a7ddb78ed@r15g2000prh.googlegroups.com>
On Jan 7, 6:57=A0pm, Tim Greer <t...@burlyhost.com> wrote:
> james.bruckm...@yahoo.com wrote:
> > Hello perl gurus,
>
> > I have a big problem with the following program:
> > DCC.pl
> > ...
> > $cmd =3D "ssh =A0operator\@192.168.12.12 /usr/local/bin/CCD.pl $IP $use=
r
> > \n";
> > system($cmd);
>
> > It works perfectly, for the operator user. It invokes on another box
> > the specified program CCD.pl with the correct parameters. Both boxes
> > are Sun running Solaris 8 and openssh. and I have ran ssh-keygen -t
> > rsa to generate pub and private keys and used these to enusre that ssh
> > works without a password.
>
> > The two parameters are entered by the user in a GUI over which I dont
> > have a lot of control.
>
> > The _big_ problem is that lots of different users need to log into the
> > GUI and this remote invocation only works for the operator user.
>
> > If you have an idea on a possible solution then please post it!!
>
> > TIA
>
> > James
>
> How is it failing for the other (non operator) users? =A0Did you test thi=
s
> from a non operator user's shell to rule out this being a Perl related
> issue? =A0Are you sure you don't want to enclose the command and
> arguments in double quotes for the ssh call? =A0Are you sure you want to
> allow any user access to blindly pass a command over a trusted SSH key
> to another server, where your code looks like it'll allow them to break
> out of that command and pass other commands and arguments? =A0I.e.,
> "/pah/to/program argument; /bin/rm -rf /" (as an example). =A0I hope
> you're doing some sanity and security checks if you are going to let
> just anyone enter commands and arguments.
> --
> Tim Greer, CEO/Founder/CTO, BurlyHost.com, Inc.
> Shared Hosting, Reseller Hosting, Dedicated & Semi-Dedicated servers
> and Custom Hosting. =A024/7 support, 30 day guarantee, secure servers.
> Industry's most experienced staff! -- Web Hosting With Muscle!- Hide quot=
ed text -
>
> - Show quoted text -
Thanks for your interest!
>How is it failing for the other (non operator) users?
It just hangs the gui.
>Did you test this from a non operator user's shell to rule out this being=
a Perl related issue?
I did invoke DCC.pl from the shell that hangs too.
> Are you sure you don't want to enclose the command and arguments in doubl=
e quotes for the ssh call?
hmmm backslashed double quotes, it would neeed I guess, I could do
that, but it works OK without, at least for the operator user.
>Are you sure you want to allow any user access to blindly pass a command o=
ver a trusted SSH key to another server,
Good question, but yes I am sure, users dont normally have access to
the command line, and if they had baad intent as a non-root user they
could pose more of a risk on the originating box than the target box -
and actually there is only a few users - and they are the good
guys ;-).
so I really do want any user to be able to use the functionality.
------------------------------
Date: Wed, 7 Jan 2009 12:54:00 -0800 (PST)
From: james.bruckmann@yahoo.com
Subject: Re: remote invocation for any user
Message-Id: <65e1ed0a-05b7-4ba7-bd3c-a17282890c81@d42g2000prb.googlegroups.com>
On Jan 7, 8:32=A0pm, s...@netherlands.com wrote:
> On Wed, 7 Jan 2009 10:25:33 -0800 (PST), james.bruckm...@yahoo.com wrote:
> >Hello perl gurus,
>
> >I have a big problem with the following program:
> >DCC.pl
> >...
> >$cmd =3D "ssh =A0operator\@192.168.12.12 /usr/local/bin/CCD.pl $IP $user
> >\n";
> >system($cmd);
>
> >It works perfectly, for the operator user. It invokes on another box
> >the specified program CCD.pl with the correct parameters. Both boxes
> >are Sun running Solaris 8 and openssh. and I have ran ssh-keygen -t
> >rsa to generate pub and private keys and used these to enusre that ssh
> >works without a password.
>
> >The two parameters are entered by the user in a GUI over which I dont
> >have a lot of control.
>
> >The _big_ problem is that lots of different users need to log into the
> >GUI and this remote invocation only works for the operator user.
>
> >If you have an idea on a possible solution then please post it!!
>
> >TIA
>
> >James
>
> I'm not a Linux user so this is just speculation.
> Are you saying different people log onto your box and use the same
> DCC.pl script?
>
> Would you have to generate rsa keys for those users and then
> change to: $cmd =3D "ssh =A0$user\@192.168.12.12 /usr/local/bin/CCD.pl $I=
P $user";
>
> http://news.softpedia.com/news/How-to-Use-RSA-Key-for-SSH-Authenticat...
>
> Not sure.
>
> sln- Hide quoted text -
>
> - Show quoted text -
That is a very interesting and logical idea, but the users that exist
on the source box generally do not exist on the target box, so it
would involve creating users on the target box creating keys and
copying the pub key - sadly not feasible.
V nice try thanks!
I am now wondering about a setuid perl prog that morphed into the
operator user and could then read the key with 600 perms on - but I
dont know how to do that or even if it is possible..
------------------------------
Date: 6 Apr 2001 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 6 Apr 01)
Message-Id: <null>
Administrivia:
#The Perl-Users Digest is a retransmission of the USENET newsgroup
#comp.lang.perl.misc. For subscription or unsubscription requests, send
#the single line:
#
# subscribe perl-users
#or:
# unsubscribe perl-users
#
#to almanac@ruby.oce.orst.edu.
NOTE: due to the current flood of worm email banging on ruby, the smtp
server on ruby has been shut off until further notice.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
#To request back copies (available for a week or so), send your request
#to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
#where x is the volume number and y is the issue number.
#For other requests pertaining to the digest, send mail to
#perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
#sending perl questions to the -request address, I don't have time to
#answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V11 Issue 2102
***************************************
