On Mon, Aug 24, 2009 at 06:06, Tim Bowden<tim.bow...@mapforge.com.au> wrote:
> On Mon, 2009-08-24 at 14:46 +0200, Rob Coops wrote:
> <snip>
>> In your case where you run the script from a command line you will still
>> want to make sure that a user is not for instance printing a socket or some
>> part of the memory.
>
> The -f test returns true if the argument is a 'regular' file, and false
> if it is not a regular file. I guess what I'm really asking is what
> exactly constitutes a regular file?
>
>> I could quite possibly send you a string that will not
>> fail your test, but will also execute a very bad command.
>
> That would be very interesting to see. What sort of file would be
> 'regular' but still do something very bad?

Depends on what you're doing with the file. A decade or so ago, a popular Perl-based forum system accidentally let remote users retrieve any arbitrary file, including (in the most popular attack) the forum's username/password list.

--
Mark Wagner
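
An added example (not part of the thread, and not code from any project mentioned in it) of the point in the reply above: -f only says that a path names a regular file, not that it is a file the script was meant to hand out. The directory layout, the file names (public, users.db, link.txt) and the function names are constructed for illustration; Unix-style paths and symlink support are assumed.

```perl
use strict;
use warnings;
use Cwd qw(abs_path);
use File::Spec;
use File::Temp qw(tempdir);

# Constructed layout: a "public" directory the script is meant to serve from,
# a file outside it that must stay private, and a symlink inside it that points out.
my $root   = abs_path(tempdir(CLEANUP => 1));
my $public = File::Spec->catdir($root, 'public');
my $secret = File::Spec->catfile($root, 'users.db');
mkdir $public or die "mkdir: $!";
write_file(File::Spec->catfile($public, 'readme.txt'), "hello\n");
write_file($secret, "admin:constructed-hash\n");
symlink($secret, File::Spec->catfile($public, 'link.txt')) or die "symlink: $!";

sub write_file {
    my ($path, $text) = @_;
    open my $fh, '>', $path or die "open $path: $!";
    print {$fh} $text;
    close $fh or die "close $path: $!";
}

# Weak: -f answers "is this a regular file?" and follows symlinks and "..",
# so it says nothing about which file the caller ended up naming.
sub weak_check {
    my ($name) = @_;
    my $path = File::Spec->catfile($public, $name);
    return -f $path ? 1 : 0;
}

# Hardened: resolve symlinks and ".." first, then require that the resolved
# path is a regular file located under $public.
sub confined_path {
    my ($name) = @_;
    my $real = abs_path(File::Spec->catfile($public, $name));
    return unless defined $real && -f $real;
    return unless index($real, "$public/") == 0;
    return $real;
}

for my $name ('readme.txt', '../users.db', 'link.txt', 'missing.txt') {
    printf "%-12s  -f: %-4s  confined: %s\n", $name,
        weak_check($name) ? 'pass' : 'fail',
        defined(confined_path($name)) ? 'allow' : 'deny';
}
```

The script would then open the path returned by confined_path rather than the name it was given, so the file checked and the file read are the same one.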