×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Contact US

*
*
*
*

Thanks. We have received your request and will respond promptly.

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

executing a shell script from within a cgi script
2

thread219-42626

executing a shell script from within a cgi script

executing a shell script from within a cgi script

(OP)
I would like to run a Shell Script from within one of My Perl Scripts. Say I wanted to run the shell script “go.sh” how would I execute it from within my Perl Script, or what would the syntax be to kick it off? Preferably from within the Korn Shell.

RE: executing a shell script from within a cgi script

you can use `` to execute commands or system();

there is a difference between them, i just don't remember what it is right now.

RE: executing a shell script from within a cgi script

(OP)
Worked great!!! Thanks luciddream!

RE: executing a shell script from within a cgi script

be aware that you may be opening a huge security hole.  Check your inputs thoroughly, or you may get spanked.  

Any time you start a second process from inside a CGI, you must be deliberate how you spawn the second process and how you pass args to it.  Anyone who can do a 'view source' on a HTML form can easily figure out how to pass extra args in with your inputs from the form.  



 
 
 
 keep the rudder amid ship and beware the odd typo

RE: executing a shell script from within a cgi script

(OP)
Thanks for the advice goBoating, that was an interesting point that you made. For QA purposes, and to test the security of my web form what may one of these strings look like if someone was to pass extra args into it? I'd definitely like to test this out.  Also, what do you figure to be a better alternative to kicking off the shell script from within the perl script?

RE: executing a shell script from within a cgi script

Try: do "go.sh";  That may work as well.

As far as security, if your script input includes shell metacharacters which preemptively complete the expected command, and the input further contains other commands, then the perpetrator has gained access to the system with the privileges of the CGI uid.  For instance, the Perl code @ans = `grep '$user_field' some.file`; given predicted input to the $user_field variable would simply perform grep on it.  Given the user input to $user_field of ; rm -fr / ; would delete everything from the owner’s home directory (http://www.perl.com/CPAN-local/doc/FAQs/cgi/perl-cgi-faq.html).

Don't check for things which may break your code... match your input to exactly what it should look like if valid using regular expressions. Don't let any potentially invalid input be passed to your script; only accept what you know to be valid.

Enabling taint mode (#!/usr/bin/perl -T) will warn you if you have any dangerous system calls using data which has not been checked.


Sincerely,
 
Tom Anderson
CEO, Order amid Chaos, Inc.
http://www.oac-design.com

RE: executing a shell script from within a cgi script

(OP)
Excellent Information, many thanks

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login
Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close