executing hash element

 


Sun751

2 Jul, 2009 - 12:03 AM
Post #1

I am writing a Perl script where I am supposed to do lots of copying and executing of other scripts.
So to achieve that I used a configuration file which holds all the commands. And in my script
my hash reads the configuration file (some command reference name as key and command as
value).

And in the code below I am executing one of the copy commands:
CODE


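sub initilize_config
{
    my ($HR_config,$config_file) = @_;
    open (my $fr, '<', "$config_file") || die "Unable to open configuration file: $config_file $!";
    while (my $line = <$fr>)
    {
        $line =~ tr/\r\n//d;
        next unless $line;
        # Store each "name=command" line as key => value
        if ($line =~ /^(.+?)=(.+?)$/)
        {
            $$HR_config{$1} = $2;
        }
    }
    close($fr);
}

sub prn
{
    my $HR_config = shift;
    # The configured string is handed to the shell as-is
    system("$HR_config->{CMD_cp}");
    # $? is -1 if the command could not be started and
    # non-zero if it ran but exited with an error
    if ( $? != 0)
    {
        print "Command Failed\n";
    }
}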


And I am supposed to do lots of copying, executing other scripts and removing files, so I am
planning to achieve that using the above method.

So can anyone tell me if I am doing this right, or is there a better way to do it? Any
improvement needed, please!

Cheers



dsherohman

RE: Executing Hash Element

2 Jul, 2009 - 03:15 AM
Post #2

That will work, yes, but I'd be a bit worried about the security implications. What happens if someone (accidentally or maliciously) inserts a command like "rm -rf ~" into the config file?

If you have a fixed set of allowable commands, then set up a dispatch table and use that to determine which command to invoke rather than passing external input directly to the shell:
CODE

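my %dispatch = (
  cmd1 => \&sub1,
  cmd2 => \&sub2,
);

# Look up the handler by name and refuse anything that is
# not in the table; @parameters holds the handler's arguments
my $handler = $dispatch{$HR_config->{CMD_cp}}
  or die "Unknown command: $HR_config->{CMD_cp}\n";
$handler->(@parameters);

sub sub1 {
  # process cmd1
}

sub sub2 {
  # process cmd2
}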


If you don't have a fixed set of allowable commands, then consider whether you might at least be able to examine the entered commands for safety/sanity before executing them. Turning on taint mode (by adding a "-T" to your "#!/usr/bin/perl" line at the top of the program) will help to enforce this by refusing to let you give parameters to system() without passing them through a regex first and passing only the matches:
CODE

#!/usr/bin/perl -T

# You have to clean out %ENV if you're going to call external
# commands while running under taint mode so that malicious
# environment settings can't compromise your security
%ENV = (
  PATH  => '/bin:/usr/bin',
);

my $cmd = <STDIN>;
eval {
  system($cmd);  # Fails because $cmd is tainted
};
if ($@) {
  print "system(\$cmd) died:\n$@---\n";
}

# Only match a date, less, ls, more, or pwd command at the start
# of the line, plus possible arguments, but not a second command
# on the same line (so no ; & < > | ` $ ( ) or embedded newline)
if ($cmd =~ /^\s*(date|less|ls|more|pwd)\b\s*([^;&<>|`\$()\n]*)$/) {
  # Because $1 and $2 contain regex matches, they are no
  #  longer tainted
  system("$1 $2");
}

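An added example (not code from either poster) that combines the dispatch-table and check-before-executing advice in post #2: the config names an action from a fixed table instead of carrying a command string, and arguments are checked against an allowlist and passed to list-form system() so no shell parses them. The action names, argument rules and sample lines are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Fixed binary + list-form system(): no shell ever parses the arguments.
sub run_fixed {
    my ($bin, @args) = @_;
    system($bin, @args) == 0 or die "$bin failed (wait status $?)\n";
}

# The only actions the config may name (hypothetical), with argument counts.
my %dispatch = (
    copy   => { argc => 2, run => sub { run_fixed('/bin/cp', '--', @_) } },
    remove => { argc => 1, run => sub { run_fixed('/bin/rm', '-f', '--', @_) } },
);

# Validate one "action=arg arg" config line, run it, return a status string.
sub run_entry {
    my ($line) = @_;
    my ($name, $rest) = $line =~ /^(\w+)=(.*)$/
        or return "rejected: malformed line";
    my $action = $dispatch{$name}
        or return "rejected: unknown action '$name'";
    my @args = split ' ', $rest;
    @args == $action->{argc}
        or return "rejected: '$name' takes $action->{argc} argument(s)";
    for my $arg (@args) {
        # Allowlist: absolute paths of plain characters, no ".." components.
        return "rejected: unsafe argument '$arg'"
            unless $arg =~ m{\A/[\w./-]+\z} && $arg !~ /\.\./;
    }
    return eval { $action->{run}->(@args); 1 } ? "ok: $name" : "failed: $@";
}

# Constructed sample input; a real script would read these from its file.
my $dir = tempdir(CLEANUP => 1);
open(my $fh, '>', "$dir/src.txt") or die "cannot create sample file: $!";
print {$fh} "sample\n";
close($fh);

for my $line (
    "copy=$dir/src.txt $dir/dst.txt",
    "remove=$dir/dst.txt",
    "wipe=rm -rf ~",                  # name not in the table
    "copy=$dir/src.txt $dir/x;id",    # shell metacharacter in an argument
) {
    print "$line\n  -> ", run_entry($line), "\n";
}
```

The first two lines run; the last two are rejected before anything is executed, the first for an unknown action name and the second for an argument outside the allowlist.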

KevinADC

RE: Executing Hash Element

2 Jul, 2009 - 10:51 AM
Post #3

There is also the Safe module:

http://perldoc.perl.org/Safe.html
