bypass shell - pipe into child pid and receive otput

Discussion in 'Perl Misc' started by Mirco Wahab, Feb 12, 2007.

  1. Mirco Wahab

    Mirco Wahab Guest

    I'm trying to work with a filter prog
    under Unix from a Perl script (CGI).

    This program (htmldoc, => google) receives
    some command line parameters and some input
    via stdin - and returns its output via stdout.


    What I do is: piping through the shell, like:

    {
    ...
    my $htmlpage = '... several KB HTML stuff, comes from above ';
    my $prog = '/usr/bin/htmldoc';

    return
    qx{echo -e '$htmlpage' | $prog --webpage -t pdf -}
    }

    .... and receive the output directly back to the Perl script.
    This works somehow, BUT has tremendous security problems (imho).

    How can I bypass the shell, maybe via
    forking a child process, like:

    <pseudo>
    ...
    my $pid = open( my $pipe, "-|") or die "can't fork $!";
    unless( $pid ) { # did we get 0 pid back?
    exec $prog, $htmlpage
    }
    </pseudo>

    But this wouldn't give me the output of $prog back.

    What did I miss?


    Thanks & regards

    Mirco
     
    Mirco Wahab, Feb 12, 2007
    #1
    1. Advertising

  2. Mirco Wahab

    Guest

    Mirco Wahab <> wrote:
    > I'm trying to work with a filter prog
    > under Unix from a Perl script (CGI).
    >
    > This program (htmldoc, => google) receives
    > some command line parameters and some input
    > via stdin - and returns its output via stdout.
    >
    > What I do is: piping through the shell, like:
    >
    > {
    > ...
    > my $htmlpage = '... several KB HTML stuff, comes from above ';
    > my $prog = '/usr/bin/htmldoc';
    >
    > return
    > qx{echo -e '$htmlpage' | $prog --webpage -t pdf -}
    > }
    >
    > ... and receive the output directly back to the Perl script.
    > This works somehow, BUT has tremendous security problems (imho).


    What are those problems, IYHO?

    >
    > How can I bypass the shell, maybe via
    > forking a child process, like:
    >
    > <pseudo>
    > ...
    > my $pid = open( my $pipe, "-|") or die "can't fork $!";
    > unless( $pid ) { # did we get 0 pid back?
    > exec $prog, $htmlpage
    > }
    > </pseudo>
    >
    > But this wouldn't give me the output of $prog back.


    Well of course it wouldn't. Perl is a language, not a psuedo-language.

    > What did I miss?


    See above.

    Xho

    --
    -------------------- http://NewsReader.Com/ --------------------
    Usenet Newsgroup Service $9.95/Month 30GB
     
    , Feb 12, 2007
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jeff Rodriguez
    Replies:
    23
    Views:
    1,213
    David Schwartz
    Dec 9, 2003
  2. NotGiven
    Replies:
    3
    Views:
    389
    Michael D. Kersey
    May 13, 2004
  3. NotGiven
    Replies:
    3
    Views:
    334
    Michael D. Kersey
    May 13, 2004
  4. Hal Vaughan

    Shell Commands (Getting PID and Timing Them)

    Hal Vaughan, Apr 5, 2005, in forum: Perl Misc
    Replies:
    11
    Views:
    314
    Brian McCauley
    Apr 6, 2005
  5. Richard
    Replies:
    2
    Views:
    153
    Brian McCauley
    May 27, 2005
Loading...

Share This Page