Re: [perl #50146] File::Temp and unsafe shell characters

Ed Avis
June 2, 2008 06:28
Ed Avis <eda <at>> writes:

>(BTW, is there a good alternative to this?  I mean a convenient syntax
>for setting up shell pipelines and redirection but without relying on
>string interpolation.)

I was thinking of an interface that lets you say things like

    run [ 'ls', '-l', $filename ], '|', [ 'wc', '-l' ]

as a safe alternative to

    system "ls -l $filename | wc -l"

which, as everyone here knows, requires tedious sanity-checking of $filename to
avoid unexpected behaviour or security holes caused by shell metacharacters. 
Multi-argument system() is safe but doesn't support piping and redirection.  So
is there something that gives both convenience and safety?

It turns out that just such a module exists: IPC::Run.

IPC::Cmd (built on IPC::Run) and IPC::System::Simple also provide a safe and
convenient way to run external commands, capture output if wanted, and get error
checking without the crazy $? & 127 stuff.  So I don't think there is much
reason to use builtin system() any more.

Ed Avis
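The contrast described in the message above, as an added example that is not part of the original post: the same `ls | wc` pipeline run once through a shell string and once through IPC::Run's list form. The temporary directory, the file name and the variable names are constructed for the illustration, and IPC::Run is assumed to be installed from CPAN.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);
use IPC::Run qw(run);

# Constructed sample input: one file whose name contains shell metacharacters.
my $dir      = tempdir( CLEANUP => 1 );
my $filename = "$dir/notes; echo INJECTED; echo";
open my $fh, '>', $filename or die "cannot create '$filename': $!";
close $fh or die "close: $!";

# String form from the post: /bin/sh parses the interpolated text, so the
# part of the name after the first ';' runs as separate commands. ls also
# complains on stderr, because it only receives the truncated path.
my $via_shell = `ls -l $filename | wc -l`;

# List form from the post: each array ref is an argument vector passed to
# exec without a shell, so $filename reaches ls as a single argument.
my $out = '';
my $ok  = run( [ 'ls', '-l', $filename ], '|', [ 'wc', '-l' ], '>', \$out );

# run() returns true only if every command in the pipeline exited with 0.
$ok or die "pipeline failed, \$? = $?";

# wc pads its output differently across platforms, so extract the digits.
my ($count) = $out =~ /(\d+)/;

printf "shell string: %s\n",
    $via_shell =~ /INJECTED/
    ? 'text from the file name was executed'
    : 'file name was not interpreted';
printf "IPC::Run:     ls listed %d file(s), file name passed through intact\n",
    $count;
```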