Bugtraq mailing list archives

Re: Check system calls (was Re: Several new CGI vulnerabilities)


From: chip () PERLSUPPORT COM (Chip Salzenberg)
Date: Wed, 11 Nov 1998 12:00:08 -0500


According to Lincoln Stein:
> Chip Salzenberg writes:
> > According to Lincoln Stein:
> > > And here's a general Perl technique for opening pipes without getting
> > > the shell involved at all:
> > >
> > >    open (MAIL,"|-") || exec '/usr/lib/sendmail','-t','-oi';
> > >    print MAIL <<END;
> >
> > Lincoln knows this, but for the less-experienced, I suggest it's not a
> > good idea to let the fork and the exec go unchecked:
>
> I know it, but I don't usually do it.  The worst that can happen is
> that no mail goes out -- correct me if I'm wrong.

Sorry, but: If the fork succeeds and the exec fails, then you end up
with the parent and the child both executing the rest of the program.
Usually this is considered a bug.  :-/
--
Chip Salzenberg        - a.k.a. -        <chip () perlsupport com>
      "There -- we made them swerve slightly!"   //MST3K

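The failure mode described in this message, handled explicitly. This is an added example, not code from either poster: it checks the fork, and makes the child leave immediately if the exec fails so it never runs the parent's code. The sendmail path and flags are taken from the quoted snippet; the message headers and body are constructed sample input.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX ();

# Command from the quoted snippet; the path is an assumption about the local system.
my @cmd = ('/usr/lib/sendmail', '-t', '-oi');

# open(FH, '|-') forks implicitly. It returns the child's pid in the
# parent, 0 in the child, and undef if the fork itself failed.
my $pid = open(my $mail, '|-');
die "cannot fork: $!" unless defined $pid;

if ($pid == 0) {
    # Child. The indirect-object form of exec never involves a shell.
    # exec only returns on failure, so anything after it is the error path.
    exec { $cmd[0] } @cmd
        or do {
            print STDERR "cannot exec $cmd[0]: $!\n";
            # _exit skips END blocks, destructors and stdio flushing, so the
            # child cannot replay buffered output or continue as a second
            # copy of the program.
            POSIX::_exit(127);
        };
}

# Parent only from here on.
# Ignore SIGPIPE so a dead child shows up as a write/close error
# instead of silently killing this process.
local $SIG{PIPE} = 'IGNORE';

# Constructed sample message.
print {$mail} <<'END' or die "write to $cmd[0] failed: $!";
To: postmaster@example.org
Subject: constructed test message

This body is sample input for the example.
END

# close() on a piped handle waits for the child. It returns false if the
# write failed ($! set) or the child exited non-zero ($! == 0, status in $?).
close($mail)
    or die($! ? "close failed: $!"
              : "$cmd[0] exited with status " . ($? >> 8));
```

With the exec check in place, a missing or non-executable sendmail shows up in the parent as exit status 127 from `close`, rather than as two processes both running the rest of the script.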