Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid
 
PerlMonks  

Re^5: RFC: Perl-Critic policy: ProhibitInlineSystemArgs

by BrowserUk (Pope)
on Jul 01, 2006 at 23:51 UTC ( #558814=note: print w/replies, xml ) Need Help??


in reply to Re^4: RFC: Perl-Critic policy: ProhibitInlineSystemArgs
in thread RFC: Perl-Critic policy: ProhibitInlineSystemArgs

There's always a way of coding things that doesn't run afowl of this stricture, and it doesn't involve extra work for the coder

Sorry theorbtwo (nice to see you BTW), but that just isn't so. Take

system 'myprog | tee mylog | sort >myfile.sorted';

Perhaps you would consider how little (much) extra work is involved for the coder to achieve the above without using the shell?


Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
Lingua non convalesco, consenesco et abolesco. -- Rule 1 has a caveat! -- Who broke the cabal?
"Science is about questioning the status quo. Questioning authority".
In the absence of evidence, opinion is indistinguishable from prejudice.

Replies are listed 'Best First'.
Re^6: RFC: Perl-Critic policy: ProhibitInlineSystemArgs
by runrig (Abbot) on Jul 02, 2006 at 03:16 UTC
    I would write something that would make that easy, something like this, which would take a little more work to output to a file at the end of the pipe, and to use the indirect object syntax of exec, so that even a command with no arguments is (update: slightly more) secure.

      But your missing the very first step. You need to decide what type of file myprog is, where it is, what executable is required to run it, then locate that executable and invoke it with myprog as it's argument long before you reach the point of needing to re-invent the wheel of command pipelinining.

      ... so that even a command with no arguments is secure.

      And how are you going invoke this mythical "secure perl script"? Via a shell?


      Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
      Lingua non convalesco, consenesco et abolesco. -- Rule 1 has a caveat! -- Who broke the cabal?
      "Science is about questioning the status quo. Questioning authority".
      In the absence of evidence, opinion is indistinguishable from prejudice.
        Huh? Did you read the post I was replying to (update: hmm, you wrote it, so I guess you did)? You seemed to be complaining about the difficuly of executing a pipeline of code while still using a system(@list) type syntax (or maybe I am misinterpreting). I didn't see where it said myprog either needed an executable to run it or was itself an executable. The pipeline started off with myprog, I just want to make sure I execute myprog, and when you exec($command) with only the one argument, you can use the exec {$command} $command syntax (or exec {$args[0]} @args)...which is a somewhat more secure way to exec. I'm not saying the entire program is absolutely secure because of this. (Yes, I agree it's more secure if you supply the entire path to myprog).

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://558814]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others chanting in the Monastery: (6)
As of 2020-11-24 13:02 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found

    Notices?