* Lawrence Furnival <[EMAIL PROTECTED]>
> Here I am in a loop through multiple lines copied from the
> clipboard and being fed back one line at a time to the clipboard:
> 
>       system "printf \"$_\" | pbcopy";

Whoa there! The above may allow a nefarious user to run arbitrary
shell commands:

  #!/usr/bin/perl -w
  use strict;

  while (<DATA>) {
    system qq{printf "$_" | pbcopy};
  } 

  __DATA__
  asdf"; touch /tmp/gotcha

With a piped open, there is no security risk, as the shell is not
involved:

  #!/usr/bin/perl -w
  use strict;

  while (<DATA>) {
    open PBCOPY, "|-" or exec 'pbcopy' or die "nuts: errno=$!\n";
    print PBCOPY;
    close PBCOPY;
  } 

  __DATA__
  asdf"; touch /tmp/gotcha

For more information on piped opens and security, consult:

http://sial.org/howto/perl/backticks/

http://perldoc.perl.org/perlipc.html

http://perldoc.perl.org/perlsec.html
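As an added example (not code from the thread), here is the same clipboard loop written so that no shell ever sees the data, together with a small check that flags lines a shell would have mis-parsed. The names has_shell_meta and send_line are mine, the three input lines are constructed, and the sink falls back from pbcopy to cat so the script runs on any Unix. It also sidesteps a second defect of printf "$_": printf treats its first argument as a format string, so a line containing % or backslash sequences is mangled even when nothing hostile is in it.

```perl
#!/usr/bin/perl
# Added example, not from the original post: pipe each line to the
# clipboard tool via a list-form open, so the data never reaches /bin/sh.
use strict;
use warnings;

# Constructed input standing in for the clipboard contents. The second
# line is the hostile one from the thread; the third would trip printf's
# format and backslash handling even though it is harmless to a shell.
my @lines = (
    "asdf\n",
    "asdf\"; touch /tmp/gotcha\n",
    "100% done \\n is not a newline\n",
);

# Sink for the pipe: pbcopy where it exists (macOS), otherwise cat so the
# example is runnable elsewhere. The command list contains no shell
# metacharacters; the line itself only ever travels over the pipe.
my @sink = (grep { -x "$_/pbcopy" } split /:/, $ENV{PATH}) ? ('pbcopy') : ('cat');

# Safelist heuristic: anything outside a conservative character set is
# treated as shell-significant. Returns 1 for such a line, 0 otherwise.
# Useful for logging or rejecting input in code paths that, unlike this
# one, really must build a shell command string.
sub has_shell_meta {
    my ($s) = @_;
    return ($s =~ /[^\w\/.,:=+@%-]/) ? 1 : 0;
}

# Send one line to the sink through a pipe. open with '|-' and a command
# list execs the program directly; the line is written to its stdin, so
# neither shell parsing nor printf format interpretation is involved.
sub send_line {
    my ($line) = @_;
    open(my $out, '|-', @sink) or die "cannot start @sink: $!\n";
    print {$out} $line;
    # close on a pipe returns false if the child failed; $! is set for an
    # OS error, otherwise the exit status is in $?.
    close($out) or die "@sink failed: ", ($! ? $! : "exit status " . ($? >> 8)), "\n";
    return 1;
}

for my $line (@lines) {
    chomp(my $shown = $line);
    warn "note: shell metacharacters present, piped verbatim: $shown\n"
        if has_shell_meta($shown);
    send_line($line);
}
```

Running it on macOS leaves the last line on the clipboard and prints two warnings; on Linux cat echoes all three lines unchanged, including the quote and semicolon, which is the point: they are bytes on a pipe, not syntax.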
