[ Stephan Mueller writes: ]
>
> However, system "dir"; works, which would be contrary to the documentation.
> At what point does NTPerl decide to call the shell, not run a program called
> DIR? It can't be looking, since a DIR.BAT file in the same directory is not
> called; it still uses the shell's DIR. I tried a command that is in 4DOS/NT
> but not in CMD.EXE and it worked; with a bad command I got an error from
> 4DOS, not from Perl. From this it would appear that it always executes the
> shell, not the command directly.
If this is true, it's very unfortunate because deliberately not
executing the shell is often used as a security measure. I would imagine
that such a decision also impacts the -T taint checks, i.e. were taint
checks added to this implementation to warn of insecure usage when the
shell is always invoked or does it continue to pass what would otherwise
be safe (non-shell) execs?
Although always executing the shell to implement backticks/system()/
exec()/etc. might be the easy way out, it has significant impact on many
scripts that might be ported to NT, not to mention system security on NT
itself. It would be quite disappointing, not to mention a significant
liability to Microsoft and Hip, to discover that measures taken to
secure Perl CGI scripts, for example, were in vain because the NT Perl
port subverted them.
Somebody please tell me I'm wrong. Provide proof and show your work. ;-)
--
Dave Wolfe *Not a spokesman for Motorola* (512) 891-3246
Motorola MMTG 6501 Wm. Cannon Dr. W. OE112 Austin TX 78735-8598
>
> However, system "dir"; works, which would be contrary to the documentation.
> At what point does NTPerl decide to call the shell, not run a program called
> DIR? It can't be looking, since a DIR.BAT file in the same directory is not
> called; it still uses the shell's DIR. I tried a command that is in 4DOS/NT
> but not in CMD.EXE and it worked; with a bad command I got an error from
> 4DOS, not from Perl. From this it would appear that it always executes the
> shell, not the command directly.
If this is true, it's very unfortunate because deliberately not
executing the shell is often used as a security measure. I would imagine
that such a decision also impacts the -T taint checks, i.e. were taint
checks added to this implementation to warn of insecure usage when the
shell is always invoked or does it continue to pass what would otherwise
be safe (non-shell) execs?
Although always executing the shell to implement backticks/system()/
exec()/etc. might be the easy way out, it has significant impact on many
scripts that might be ported to NT, not to mention system security on NT
itself. It would be quite disappointing, not to mention a significant
liability to Microsoft and Hip, to discover that measures taken to
secure Perl CGI scripts, for example, were in vain because the NT Perl
port subverted them.
Somebody please tell me I'm wrong. Provide proof and show your work. ;-)
--
Dave Wolfe *Not a spokesman for Motorola* (512) 891-3246
Motorola MMTG 6501 Wm. Cannon Dr. W. OE112 Austin TX 78735-8598