Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Perl > taint: system vs. backticks and permissions

Reply
Thread Tools

taint: system vs. backticks and permissions

 
 
Kristina Clair
Guest
Posts: n/a
 
      08-27-2004
Hi,

I have a perl script running suid root (thus running in taint mode), and
I'm trying to execute a shell command. Usually I do this using
backticks so I can get the output, and usually it is not a problem.

However, in this instance I am trying to execute a python script, and
the python script does not seem to be running as root, but as the apache
user.

Interestingly, using system() changes this and the python script runs
appropriately as root. But, I'm having the following problems:

- if I use system("/python/command args") then the python script
executes appropriately but the output from the python script is being
sent to httpd and i'm getting an internal server error due to malformed
headers

- if I use system("/python/command args >/dev/null") perl does not like
this at all and it seems to not only not execute the python script, but
it runs the perl script again from the beginning (!?!?!?!)

So I'm very confused by this behavior. Does anyone have any ideas about
what is going on? What is the difference between using backticks and
system() in terms of how the perl script is calling the python script?
And is there a way for system() to be happy but not send output to httpd?

Thanks for any help.
Kristina
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Backticks and timeouts Allen Coley Ruby 2 07-23-2008 04:10 AM
regex-verfier cgi - dont want to use system or backticks TechCrazy Perl Misc 4 06-18-2005 09:29 PM
backticks and Veritas Netbackup commands Brian W Perl Misc 1 05-29-2005 07:09 PM
angle operator, backticks, and redirection Ed Mancebo Perl Misc 6 01-13-2005 03:18 AM
Re: Permissions - giving "everyone" full permissions is bad ? Scott Allen ASP .Net 0 07-13-2004 08:54 PM



Advertisments