in reply to Re^2: Insecure dependency in piped open
in thread Insecure dependency in piped open
Actually those two are subtly different. One of them has a single string, and Perl will hand that string to the shell to parse. If $host contains any special shell characters, the shell will interpret them; for example if $host was set to:
the shell will see something like:www.google.com; rm /path/to/your/script
and will go ahead and try to remove your script, if it has permission. That is why Perl won't let you do it with taint mode on./bin/nslookup -type=any www.google.com; rm /path/to/your/script 2>&1 | +";
The multi-argument piped open doesn't send anything to the shell, and so avoids this problem.
There is also a difference in where standard error goes. In the first example it will be read from the pipe; in the second it will go to the original program's standard error, perhaps to a Web server error log.
Finally, for this particular purpose, there is probably a module available on CPAN (like Net::DNS) that will do the work without using an external program at all.
Good luck!
In Section
Seekers of Perl Wisdom