Program Input and Output

More Secure System Calls

• Because the system call passes a string to the shell, it represents a significant security hole for many applications.
• Malicious users can feed you inputs that confuse the shell and accomplish nefarious activities.
• Using system call with a comma delimited list of arguments tells Perl to use the first argument as the command to be run, and the remainder of the list as arguments to that command (not subject to normal shell interpretation).
• This has the disadvantage that you loose a lot of nifty shell capabilities, but has the advantage that you loose a lot of nifty shell capabilities (and thus significantly increase security).
• Example:
  

  # Say this code snippet is being executed by a web server, and the
  # user has entered a value for the $userName field into a web page.
  
  # Add user to guestbook log
  # (dangerous version)
  $sysCommand = "AddGuest $userName";
  if ( system($sysCommand) != 0 ){
      die "Unable to add user $!";
  }
  
  # Add user to guestbook log
  # (safer version)
  if ( system("AddGuest", $userName) != 0 ){
      die "Unable to add user $!";
  }
  

• If a user entered the name "; rm -rf *;", the web server could end up deleting all files in the current directory from the first form. The second form would likely just add the funny string to the guestbook, as long as due diligence was taken in the design of the AddGuest command.