Pathologically Eclectic Rubbish Lister | |
PerlMonks |
comment on |
( [id://3333]=superdoc: print w/replies, xml ) | Need Help?? |
Actually those two are subtly different. One of them has a single string, and Perl will hand that string to the shell to parse. If $host contains any special shell characters, the shell will interpret them; for example if $host was set to:
the shell will see something like: and will go ahead and try to remove your script, if it has permission. That is why Perl won't let you do it with taint mode on. The multi-argument piped open doesn't send anything to the shell, and so avoids this problem. There is also a difference in where standard error goes. In the first example it will be read from the pipe; in the second it will go to the original program's standard error, perhaps to a Web server error log. Finally, for this particular purpose, there is probably a module available on CPAN (like Net::DNS) that will do the work without using an external program at all. Good luck! In reply to Re^3: Insecure dependency in piped open
by sgifford
|
|