[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index][Top&Search][Original]

Re: [perl #50146] File::Temp and unsafe shell characters

From: Ed Avis <eda@waniasset.com>
To: perl5-porters@perl.org
Date: Mon, 2 Jun 2008 13:27:59 +0000 (UTC)
Message-ID: <loom.20080602T131918-924@post.gmane.org>

Ed Avis <eda <at> waniasset.com> writes:

>(BTW, is there a good alternative to this?  I mean a convenient syntax
>for setting up shell pipelines and redirection but without relying on
>string interpolation.)

I was thinking of an interface that lets you say things like

    run [ 'ls', '-l', $filename ], '|', [ 'wc', '-l' ]

as a safe alternative to

    system "ls -l $filename | wc -l"

which, as everyone here knows, requires tedious sanity-checking of $filename to
avoid unexpected behaviour or security holes caused by shell metacharacters. 
Multi-argument system() is safe but doesn't support piping and redirection.  So
is there something that gives both convenience and safety?

It turns out that just such a module exists: IPC::Run.

IPC::Cmd (built on IPC::Run) and IPC::System::Simple also provide a safe and
convenient way to run external commands, capture output if wanted, and get error
checking without the crazy $? & 127 stuff.  So I don't think there is much
reason to use builtin system() any more.

-- 
Ed Avis <eda@waniasset.com>

[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index][Top&Search][Original]