> > Dan> for(`ls /files/`) {
> > Dan> if(`cat $_ |grep $string`) { push(@matchedfiles,$_); }
> > Dan> }
> >
> > Hmm.  Where to begin?
> >
> > - Dangerous use of ls.
> > - Useless use of cat.
> > - Dangerous use of backticks.
> > - Shelling out when every one of those steps is done as well
> >   or better by Perl.
> > - Insecure use of child shells
> 
> Hi Randal.
> 
> I'll buy most of those, but wonder at your choice of 'dangerous'
> and 'insecure'?
> 
> The return from the 'ls' backtick is certainly unpredictable and
> dependent on context. Is that what you mean? And surely backticks
> can't be inherently dangerous in any sense, only the command line
> that they embrace?

Randal's thinking of something like a file in the /files/ dir named $(rm -rf /), I think.

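Randal's point that every one of those steps can be done in Perl, shown as an added example that is not part of the original thread: the directory is read with readdir and each file is opened with three-argument open, so a file name is only ever data and never reaches a shell. The sub name matching_files, the scratch directory and the sample file names are constructed for illustration, and the match is a literal substring test rather than grep's regex.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;

# Return the names of regular files in $dir whose contents contain $string.
# No shell is involved: names come from readdir and are only ever passed
# to open() in three-argument form, so they are treated as data.
sub matching_files {
    my ($dir, $string) = @_;
    opendir(my $dh, $dir) or die "opendir $dir: $!";
    my @names = sort grep { $_ ne '.' && $_ ne '..' } readdir $dh;
    closedir $dh;

    my @matched;
    for my $name (@names) {
        my $path = File::Spec->catfile($dir, $name);
        next unless -f $path;                      # skip directories etc.
        open(my $fh, '<', $path) or do { warn "open $path: $!"; next };
        while (my $line = <$fh>) {
            if (index($line, $string) >= 0) {      # literal match, not a regex
                push @matched, $name;
                last;                              # one hit per file is enough
            }
        }
        close $fh;
    }
    return @matched;
}

# Constructed sample data: a scratch directory standing in for /files/,
# including names with a space and with shell metacharacters.
my $dir = tempdir(CLEANUP => 1);
my %sample = (
    'notes.txt'      => "nothing here\n",
    'todo list.txt'  => "find the needle\n",
    'odd $(id) name' => "another needle\n",
);
for my $name (keys %sample) {
    open(my $out, '>', File::Spec->catfile($dir, $name)) or die "create $name: $!";
    print {$out} $sample{$name};
    close $out;
}

print "$_\n" for matching_files($dir, 'needle');
```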