Bugtraq mailing list archives
Re: Check system calls (was Re: Several new CGI vulnerabilities)
From: chip () PERLSUPPORT COM (Chip Salzenberg)
Date: Wed, 11 Nov 1998 12:00:08 -0500
According to Lincoln Stein:
Chip Salzenberg writes: > According to Lincoln Stein: > > And here's a general Perl technique for opening pipes without getting > > the shell involved at all: > > > > open (MAIL,"|-") || exec '/usr/lib/sendmail','-t','-oi'; > > print MAIL <<END; > > Lincoln knows this, but for the less-experienced, I suggest it's not a > good idea to let the fork and the exec go unchecked: I know it, but I don't usually do it. The worst that can happen is that no mail goes out -- correct me if I'm wrong.
Sorry, but: If the fork succeeds and the exec fails, then you end up with the parent and the child both executing the rest of the program. Usually this is considered a bug. :-/ -- Chip Salzenberg - a.k.a. - <chip () perlsupport com> "There -- we made them swerve slightly!" //MST3K
Current thread:
- Re: Check system calls (was Re: Several new CGI vulnerabilities) Chip Salzenberg (Nov 11)