[31239] in Perl-Users-Digest
Perl-Users Digest, Issue: 2484 Volume: 11
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Fri Jun 19 11:09:42 2009
Date: Fri, 19 Jun 2009 08:09:10 -0700 (PDT)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Perl-Users Digest Fri, 19 Jun 2009 Volume: 11 Number: 2484
Today's topics:
Re: Captcha and Perl: some issues... <tadmc@seesig.invalid>
Health <yaqubmedical@gmail.com>
Re: Perl WTF <sisyphus359@gmail.com>
Re: Perl WTF <derykus@gmail.com>
Re: Perl WTF <sisyphus359@gmail.com>
Re: Perl WTF <1usa@llenroc.ude.invalid>
Replace the first instance only of a string <massion@gmx.de>
Re: Replace the first instance only of a string <cartercc@gmail.com>
Re: Replace the first instance only of a string <1usa@llenroc.ude.invalid>
Re: SetUID (Jens Thoms Toerring)
Re: SetUID <ben@morrow.me.uk>
Re: SetUID <sg.maylcc@gmail.com>
Re: SetUID <sg.maylcc@gmail.com>
Re: SetUID <ben@morrow.me.uk>
Re: SetUID (Jens Thoms Toerring)
Re: Test Password (Linux) <RedGrittyBrick@spamweary.invalid>
Digest Administrivia (Last modified: 6 Apr 01) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: Fri, 19 Jun 2009 07:11:20 -0500
From: Tad J McClellan <tadmc@seesig.invalid>
Subject: Re: Captcha and Perl: some issues...
Message-Id: <slrnh3mvv6.26l.tadmc@tadmc30.sbcglobal.net>
Vit <finar76@gmail.com> wrote:
You are learning some bad habits.
It is best if you unlearn them as early as possible.
> my $query = new CGI;
You should do it like this instead:
my $query = CGI->new;
See the "Indirect Object Syntax" section in
perldoc perlobj
for why.
> &check_captcha;
You should do it like this instead:
check_captcha();
See the top of
perldoc perlsub
for why.
--
Tad McClellan
email: perl -le "print scalar reverse qq/moc.noitatibaher\100cmdat/"
------------------------------
Date: Fri, 19 Jun 2009 03:35:26 -0700 (PDT)
From: yaqub khan <yaqubmedical@gmail.com>
Subject: Health
Message-Id: <28d2da80-e075-41a4-8768-0141e7eda937@z20g2000prh.googlegroups.com>
health is wealth because see how you live healthy its contain usefull
information about everyone its includs information about diseases,
treetment,
medicine,diet and many more see this
Injuries and Wounds
Tuesday, June 9, 2009
Posted by Yaqub Khan
Profiles over 70 common injuries from animal bites to whiplash.
Educates
about causes, signs of an emergency, symptoms, first aid, prevention,
and treatment.
for more details yaqubhealth.blogspot.com
------------------------------
Date: Fri, 19 Jun 2009 03:27:34 -0700 (PDT)
From: sisyphus <sisyphus359@gmail.com>
Subject: Re: Perl WTF
Message-Id: <4bf21831-9058-42c7-a401-e9e47e9b7408@y33g2000prg.googlegroups.com>
On Jun 19, 5:50=A0pm, Lech <newsy-l...@totrzebawyciac.gazeta.sky.pl>
wrote:
> I think that perls sucks far less than other languages.
But then perl inherits suckiness from other languages, too.
It amuses that, on many nixes, different strings take on different
values when used in a numeric context:
perl -e 'print "infertility" * 1'
perl -e 'print "nanoseconds" * 1'
perl -e 'print "fanaticists" * 1'
will often print out three different numeric values, namely 'inf',
'nan' (if that can be called a numeric value) and '0' respectively.
But that 'WTF?' isn't really the work of perl - perl is just handing
control over to the underlying libc.
Yeah ... small things amuse small minds ....
Cheers,
Rob
------------------------------
Date: Fri, 19 Jun 2009 04:55:25 -0700 (PDT)
From: "C.DeRykus" <derykus@gmail.com>
Subject: Re: Perl WTF
Message-Id: <6b0abd83-e558-4ef4-98ee-d437ed974117@d25g2000prn.googlegroups.com>
On Jun 19, 3:27=A0am, sisyphus <sisyphus...@gmail.com> wrote:
> On Jun 19, 5:50=A0pm, Lech <newsy-l...@totrzebawyciac.gazeta.sky.pl>
> wrote:
>
> > I think that perls sucks far less than other languages.
>
> But then perl inherits suckiness from other languages, too.
> It amuses that, on many nixes, different strings take on different
> values when used in a numeric context:
>
> perl -e 'print "infertility" * 1'
> perl -e 'print "nanoseconds" * 1'
> perl -e 'print "fanaticists" * 1'
>
> will often print out three different numeric values, namely 'inf',
> 'nan' (if that can be called a numeric value) and '0' respectively.
And at least perl warns you :)
perl -we 'print "infertility" * 1'
Argument "infertility" isn't numeric in
multiplication (*)
>
> But that 'WTF?' isn't really the work of perl - perl is just handing
> control over to the underlying libc.
>
Although somewhat dated with many Perl4 ref's,
'perltrap' has lots of examples.
--
Charles DeRykus
------------------------------
Date: Fri, 19 Jun 2009 06:23:37 -0700 (PDT)
From: sisyphus <sisyphus359@gmail.com>
Subject: Re: Perl WTF
Message-Id: <da9c3cc3-f551-41b7-a666-8e79331dc0c2@x6g2000vbg.googlegroups.com>
On Jun 19, 9:55=A0pm, "C.DeRykus" <dery...@gmail.com> wrote:
>
> And at least perl warns you :)
>
> =A0 perl -we 'print "infertility" * 1'
>
> =A0 Argument "infertility" isn't numeric in
> =A0 =A0 =A0multiplication =A0 (*)
Yes, but it doesn't warn me that "infertility", "nanoseconds" and
"fanaticists" all take on different values when used in numeric
contexts.
Another way of looking at it - all of the following are true (on many
systems):
"infertility" =3D=3D "infertility"
"infertility" =3D=3D "informal"
"fanaticists" =3D=3D "fanaticists"
"fanaticists" =3D=3D "most strings"
but
"infertility" !=3D "most strings"
"nanoseconds" !=3D "nanoseconds"
What *were* they thinking of ;-)
(Anyway, enough of my pathetic contrivances .... I better shut up.)
Cheers,
Rob
------------------------------
Date: Fri, 19 Jun 2009 14:17:36 GMT
From: "A. Sinan Unur" <1usa@llenroc.ude.invalid>
Subject: Re: Perl WTF
Message-Id: <Xns9C2F68B703ECDasu1cornelledu@127.0.0.1>
sisyphus <sisyphus359@gmail.com> wrote in
news:da9c3cc3-f551-41b7-a666-8e79331dc0c2@x6g2000vbg.googlegroups.com:
> On Jun 19, 9:55 pm, "C.DeRykus" <dery...@gmail.com> wrote:
>
>>
>> And at least perl warns you :)
>>
>> perl -we 'print "infertility" * 1'
>>
>> Argument "infertility" isn't numeric in
>> multiplication (*)
>
> Yes, but it doesn't warn me that "infertility", "nanoseconds" and
> "fanaticists" all take on different values when used in numeric
> contexts.
>
> Another way of looking at it - all of the following are true (on many
> systems):
> "infertility" == "infertility"
> "infertility" == "informal"
> "fanaticists" == "fanaticists"
> "fanaticists" == "most strings"
> but
> "infertility" != "most strings"
> "nanoseconds" != "nanoseconds"
>
> What *were* they thinking of ;-)
Excellent examples. It is clear what is going on if you know what is
going on but to understand what is going on one needs to connect way too
many dots. ;-)
Sinan
--
A. Sinan Unur <1usa@llenroc.ude.invalid>
(remove .invalid and reverse each component for email address)
comp.lang.perl.misc guidelines on the WWW:
http://www.rehabitation.com/clpmisc/
------------------------------
Date: Fri, 19 Jun 2009 05:27:44 -0700 (PDT)
From: Francois Massion <massion@gmx.de>
Subject: Replace the first instance only of a string
Message-Id: <6eb4a434-e6c7-4145-8c42-e77b48535592@u10g2000vbd.googlegroups.com>
I couldn't find so far a solution to a quite common problem:
There is a document in which some words occur many times. I want to
replace ONLY THE FIRST instance of the word and leave the other
instances unchanged.
Here my code:
(...)
foreach $sentence (@document) {
chomp $sentence;
$sentence =~ s/Subject/Topic/;
push (@result,$sentence);
}
(...)
I have tried to use the modifier "o" for "once" but it didn't work as
well:
$sentence =~ s/Subject/Topic/o;
Any suggestion?
Thanks
Francois
------------------------------
Date: Fri, 19 Jun 2009 06:57:41 -0700 (PDT)
From: ccc31807 <cartercc@gmail.com>
Subject: Re: Replace the first instance only of a string
Message-Id: <1fa52f6d-4c3a-4f68-ab7b-27b70ee8f8b0@r13g2000vbr.googlegroups.com>
On Jun 19, 8:27=A0am, Francois Massion <mass...@gmx.de> wrote:
> I couldn't find so far a solution to a quite common problem:
>
> There is a document in which some words occur many times. I want to
> replace ONLY THE FIRST instance of the word and leave the other
> instances unchanged.
I don't know what your input document looks like. Ordinarily, I read
in a document line by line, 'line' being defined as a string ending in
a newline, \n. I would guess that you want something like this:
open INFILE, '<', 'inputfile.txt';
open OUTFILE, '>', 'outputfile.txt';
while (<INFILE>)
{
if ($_ =3D~ /target/)
{
$_ =3D~ s/target/change/;
last;
}
}
close INFILE;
close OUTFILE;
This is off the cuff, untested, and Sinan will huff 'sloppy', but the
logic is good even if you have to play with the code a bit.
CC
------------------------------
Date: Fri, 19 Jun 2009 14:13:49 GMT
From: "A. Sinan Unur" <1usa@llenroc.ude.invalid>
Subject: Re: Replace the first instance only of a string
Message-Id: <Xns9C2F68139DCDAasu1cornelledu@127.0.0.1>
ccc31807 <cartercc@gmail.com> wrote in news:1fa52f6d-4c3a-4f68-ab7b-
27b70ee8f8b0@r13g2000vbr.googlegroups.com:
> On Jun 19, 8:27 am, Francois Massion <mass...@gmx.de> wrote:
>> I couldn't find so far a solution to a quite common problem:
>>
>> There is a document in which some words occur many times. I want to
>> replace ONLY THE FIRST instance of the word and leave the other
>> instances unchanged.
>
> I don't know what your input document looks like. Ordinarily, I read
> in a document line by line, 'line' being defined as a string ending in
> a newline, \n. I would guess that you want something like this:
>
> open INFILE, '<', 'inputfile.txt';
> open OUTFILE, '>', 'outputfile.txt';
> while (<INFILE>)
> {
> if ($_ =~ /target/)
> {
> $_ =~ s/target/change/;
> last;
> }
> }
> close INFILE;
> close OUTFILE;
>
> This is off the cuff, untested, and Sinan will huff 'sloppy', but the
> logic is good even if you have to play with the code a bit.
I will not huff 'sloppy'. It is inane. If you are using $_, use it. The
s/// operator returns a value, use it. As it is, you are doing the same
work twice -- finding if the line contains 'target'.
Also, he probably does not want to abort the loop, but to write the rest
of the document unchanged to the output file after the first
replacement.
#!/usr/bin/perl
use strict;
use warnings;
my $replaced;
while ( <DATA> ) {
$replaced or $replaced = s/words/sentences/;
print;
}
__DATA__
A moth ate words. It seemed to me
a strange event when I heard of that wonder,
that a worm, a thief in darkness, should devour
the songs of men, glorious utterance
and a place of strong being. The thievish visitor
was no whit the wiser for swallowing the words.
--
A. Sinan Unur <1usa@llenroc.ude.invalid>
(remove .invalid and reverse each component for email address)
comp.lang.perl.misc guidelines on the WWW:
http://www.rehabitation.com/clpmisc/
------------------------------
Date: 19 Jun 2009 10:30:05 GMT
From: jt@toerring.de (Jens Thoms Toerring)
Subject: Re: SetUID
Message-Id: <7a17ldF1smi1qU1@mid.uni-berlin.de>
maylcc <sg.maylcc@gmail.com> wrote:
> I'm having problem running my copied script to my server. Can anybody who is
> patient enough to help me with my problem?
> I have a chpass.pl which is being executed by a change password web
> utility page. This script tries to update a password on my linux
> server /etc/shadow with a file permision rw------.
Mmmm, sounds like something with a lot of potential security
risks. Why not let the user change his/her password when
logged in the normal way? Not everything is suitable for
being done via a web page...
> my chpass.pl was set to -rwsr-sr-x , with this file permission, I'm
> getting an error: Can't do setuid,
Yes, that's a feature, not a bug. Setuid'ed sripts can be very
dangerous for a number of reasons and thus Perl doesn't run
them blindly. But you can get the script to run when you switch
on taint mode for the script with the -T command line option
(e.g. by having it in the first line of your script):
#!/usr/bin/perl -T
Of course, this will require that your script is written in a
way that allows it to run in taint mode, e.g. all external
input must be checked, the environment laundered etc. See
perldoc perlsec
for a longer description. But then Perl CGI scripts etc. should
be run in taint mode anyway to help you avoid the most stupid
security mistakes;-)
> When I chmod 777 the /etc/shadow then everything
> works but I'm sure its not safe to do that.
It's definitely not safe! Never do that, /etc/shadow isn't meant
to be seen by anything but programs that run with root permis-
sions!
Regards, Jens
--
\ Jens Thoms Toerring ___ jt@toerring.de
\__________________________ http://toerring.de
------------------------------
Date: Fri, 19 Jun 2009 11:45:27 +0100
From: Ben Morrow <ben@morrow.me.uk>
Subject: Re: SetUID
Message-Id: <7r6sg6-h5p2.ln1@osiris.mauzo.dyndns.org>
Quoth maylcc <sg.maylcc@gmail.com>:
> I'm having problem running my copied script to my server. Can anybody
> who is
> patient enough to help me with my problem?
>
> I have a chpass.pl which is being executed by a change password web
> utility page. This script tries to update a password on my linux
> server /etc/shadow with a file permision rw------.
>
> my chpass.pl was set to -rwsr-sr-x , with this file permission, I'm
Why are you trying to run both setuid and setgid?
> getting an
> error: Can't do setuid, When I chmod 777 the /etc/shadow then
> everything
> works but I'm sure its not safe to do that.
Please don't take this the wrong way, but I *really* think you shouldn't
be trying to write this. You clearly don't know enough about Unix
security to have any chance of getting it right. For a start, you should
*never* be trying to run a CGI script as root.
The error you are getting is because you are on a system which doesn't
have secure setid scripts (or where perl doesn't know you have them),
and you don't have suidperl installed. This is the case for an ordinary
perl install on BSD, for example. You should turn off the setid bits on
the script, as they are not going to do anything useful.
If you insist on writing this, you need to find some way to change the
password without writing to /etc/shadow directly. Running passwd(1)
under sudo might be one way, assuming you can grant yourself the
appropriate sudo rights.
Ben
------------------------------
Date: Fri, 19 Jun 2009 03:59:05 -0700 (PDT)
From: maylcc <sg.maylcc@gmail.com>
Subject: Re: SetUID
Message-Id: <ca8f153a-df27-4fb4-ad8b-13ffe80ad7bf@z8g2000prd.googlegroups.com>
On Jun 19, 6:45=A0pm, Ben Morrow <b...@morrow.me.uk> wrote:
> Quoth maylcc <sg.may...@gmail.com>:
>
> > I'm having problem running my copied script to my server. Can anybody
> > who is
> > patient enough to help me with my problem?
>
> > I have a chpass.pl which is being executed by a change password web
> > utility page. This script tries to update a password on my linux
> > server /etc/shadow with a file permision rw------.
>
> > my chpass.pl was set to -rwsr-sr-x , with this file permission, I'm
>
> Why are you trying to run both setuid and setgid?
>
> > getting an
> > error: Can't do setuid, When I chmod 777 the /etc/shadow then
> > everything
> > works but I'm sure its not safe to do that.
>
> Please don't take this the wrong way, but I *really* think you shouldn't
> be trying to write this. You clearly don't know enough about Unix
> security to have any chance of getting it right. For a start, you should
> *never* be trying to run a CGI script as root.
>
> The error you are getting is because you are on a system which doesn't
> have secure setid scripts (or where perl doesn't know you have them),
> and you don't have suidperl installed. This is the case for an ordinary
> perl install on BSD, for example. You should turn off the setid bits on
> the script, as they are not going to do anything useful.
>
> If you insist on writing this, you need to find some way to change the
> password without writing to /etc/shadow directly. Running passwd(1)
> under sudo might be one way, assuming you can grant yourself the
> appropriate sudo rights.
>
> Ben
thanks for your reply. i am trying to implement a test password script
which accepts user id and password and using these parameters to auth
against the server (linux) /etc/passwd and shadow. any suggestion?
------------------------------
Date: Fri, 19 Jun 2009 03:59:22 -0700 (PDT)
From: maylcc <sg.maylcc@gmail.com>
Subject: Re: SetUID
Message-Id: <d40f4319-b983-4536-8488-52da0a33b70d@d38g2000prn.googlegroups.com>
On Jun 19, 6:30=A0pm, j...@toerring.de (Jens Thoms Toerring) wrote:
> maylcc <sg.may...@gmail.com> wrote:
> > I'm having problem running my copied script to my server. Can anybody w=
ho is
> > patient enough to help me with my problem?
> > I have a chpass.pl which is being executed by a change password web
> > utility page. This script tries to update a password on my linux
> > server /etc/shadow with a file permision rw------.
>
> Mmmm, sounds like something with a lot of potential security
> risks. Why not let the user change his/her password when
> logged in the normal way? Not everything is suitable for
> being done via a web page...
>
> > my chpass.pl was set to -rwsr-sr-x , with this file permission, I'm
> > getting an error: Can't do setuid,
>
> Yes, that's a feature, not a bug. Setuid'ed sripts can be very
> dangerous for a number of reasons and thus Perl doesn't run
> them blindly. But you can get the script to run when you switch
> on taint mode for the script with the -T command line option
> (e.g. by having it in the first line of your script):
>
> #!/usr/bin/perl -T
>
> Of course, this will require that your script is written in a
> way that allows it to run in taint mode, e.g. all external
> input must be checked, the environment laundered etc. See
>
> perldoc perlsec
>
> for a longer description. But then Perl CGI scripts etc. should
> be run in taint mode anyway to help you avoid the most stupid
> security mistakes;-)
>
> > When I chmod 777 the /etc/shadow then everything
> > works but I'm sure its not safe to do that.
>
> It's definitely not safe! Never do that, /etc/shadow isn't meant
> to be seen by anything but programs that run with root permis-
> sions!
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 Regards, Jens
> --
> =A0 \ =A0 Jens Thoms Toerring =A0___ =A0 =A0 =A0j...@toerring.de
> =A0 =A0\__________________________ =A0 =A0 =A0http://toerring.de
thanks for your reply. i am trying to implement a test password script
which accepts user id and password and using these parameters to auth
against the server (linux) /etc/passwd and shadow. any suggestion?
------------------------------
Date: Fri, 19 Jun 2009 12:01:34 +0100
From: Ben Morrow <ben@morrow.me.uk>
Subject: Re: SetUID
Message-Id: <ep7sg6-17t2.ln1@osiris.mauzo.dyndns.org>
Quoth jt@toerring.de (Jens Thoms Toerring):
> maylcc <sg.maylcc@gmail.com> wrote:
>
> > my chpass.pl was set to -rwsr-sr-x , with this file permission, I'm
> > getting an error: Can't do setuid,
>
> Yes, that's a feature, not a bug. Setuid'ed sripts can be very
> dangerous for a number of reasons and thus Perl doesn't run
> them blindly. But you can get the script to run when you switch
> on taint mode for the script with the -T command line option
> (e.g. by having it in the first line of your script):
>
> #!/usr/bin/perl -T
No you can't. A -T on the shebang line doesn't affect setid execution
one way or the other: if a setid script executes at all, it will be
running in taint mode regardless of whether you asked for it or not.
The error is issued because there is a race condition between the kernel
and the interpreter. As I'm sure you know, when you run an executable
script /path/to/foo that has a #!/usr/bin/perl line, the kernel actually
runs
/usr/bin/perl /path/to/foo
and perl then opens /path/to/foo and runs it. The trouble is, there is a
small window of time between the point where the kernel checks setid
bits on the file and the point where perl opens it, so it would be
possible (using symlinks) for an attacker to execute a setid script but
replace the file with some other of his choosing before perl opens it.
This would obviously be very bad, so most systems disable setid script
execution in the kernel.
Ben
------------------------------
Date: 19 Jun 2009 11:21:22 GMT
From: jt@toerring.de (Jens Thoms Toerring)
Subject: Re: SetUID
Message-Id: <7a1aliF1tf5gqU1@mid.uni-berlin.de>
Ben Morrow <ben@morrow.me.uk> wrote:
> Quoth jt@toerring.de (Jens Thoms Toerring):
> > maylcc <sg.maylcc@gmail.com> wrote:
> > > my chpass.pl was set to -rwsr-sr-x , with this file permission, I'm
> > > getting an error: Can't do setuid,
> >
> > Yes, that's a feature, not a bug. Setuid'ed sripts can be very
> > dangerous for a number of reasons and thus Perl doesn't run
> > them blindly. But you can get the script to run when you switch
> > on taint mode for the script with the -T command line option
> > (e.g. by having it in the first line of your script):
> >
> > #!/usr/bin/perl -T
Sorry for spewing non-sense! I thought I remembered something
like that, did a fast test and things seemed to work for some
reason... I guess I better don't post while still having a bit
of a temperature;-)
Regards, Jens
--
\ Jens Thoms Toerring ___ jt@toerring.de
\__________________________ http://toerring.de
------------------------------
Date: Fri, 19 Jun 2009 14:39:28 +0100
From: RedGrittyBrick <RedGrittyBrick@spamweary.invalid>
Subject: Re: Test Password (Linux)
Message-Id: <4a3b9517$0$24011$db0fefd9@news.zen.co.uk>
maylcc wrote:
> Anyone can share their experience how to allow user to test password
> with the linux server?
> i have written a perl script but apparently encounter error to execute
> without root "Can't do setuid".
>
> Waiting for any kind soul to help. Thanks.
I'd look at this:
http://search.cpan.org/perldoc?Authen::PAM
--
RGB
------------------------------
Date: 6 Apr 2001 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 6 Apr 01)
Message-Id: <null>
Administrivia:
#The Perl-Users Digest is a retransmission of the USENET newsgroup
#comp.lang.perl.misc. For subscription or unsubscription requests, send
#the single line:
#
# subscribe perl-users
#or:
# unsubscribe perl-users
#
#to almanac@ruby.oce.orst.edu.
NOTE: due to the current flood of worm email banging on ruby, the smtp
server on ruby has been shut off until further notice.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
#To request back copies (available for a week or so), send your request
#to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
#where x is the volume number and y is the issue number.
#For other requests pertaining to the digest, send mail to
#perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
#sending perl questions to the -request address, I don't have time to
#answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V11 Issue 2484
***************************************
