
Why `system` is safer with lists


See also:
`perldoc -tf system`
`perldoc -t perlsec`

```
#!/usr/bin/env perl

use strict;
use warnings;

my $first_arg = shift or die "echo.pl needs an argument!\n";

# This is passed directly to `/bin/sh -c`, and leads to an easy command
# injection:
# ./echo.pl "I like cats, here is one now; cat /etc/passwd"
system "echo $first_arg";

# This is split up into words and passed directly to execvp, so not
# trivially exploitable. It'd require a vulnerability somewhere else.
system qw(echo), $first_arg;
```

Follow-Ups:
Re: Why `system` is safer with lists - Gry Llida (Lecturify) <support@xxxxxxxxxxxxx>
Re: Why `system` is safer with lists - jrmu <jrmu@xxxxxxxxxx>
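
An added example, not part of the original post: it runs the same constructed, harmless input through the string and list forms shown above, and goes one step further to the one-element-list case and the block form described in `perldoc -f system` and `perldoc -f exec`. The `report` helper and the sample value are assumptions made for the illustration.

```perl
#!/usr/bin/env perl
# Added example, not from the original post. The input below is constructed
# and harmless: it only shows whether /bin/sh got to interpret the ';'.
use strict;
use warnings;

$| = 1;    # keep our own output in order with the children's output

my $untrusted = 'hello; echo INJECTED';

# Report how a system() call ended; -1 means the program never started.
sub report {
    my ($label, $status) = @_;
    if ($status == -1) {
        print "$label => could not execute: $!\n\n";
    }
    else {
        printf "%s => exit status %d\n\n", $label, $status >> 8;
    }
}

# 1. One string with a metacharacter: run via the shell, so two commands
#    execute and "INJECTED" appears on a line of its own.
report('string', system("echo $untrusted"));

# 2. Multi-element list: no shell; echo gets the value as one argument and
#    prints it verbatim, ';' included.
report('list', system('echo', $untrusted));

# 3. Pitfall: a list that happens to hold ONE element is treated exactly
#    like the string form, so the shell is back.
my @cmd = ("echo $untrusted");
report('one-element list', system(@cmd));

# 4. Block form: the block names the program, the list is argv, and no
#    shell is used whatever the list length. Here it fails safely, because
#    no program is literally named "echo hello; echo INJECTED".
{
    no warnings 'exec';    # we report the failure ourselves
    report('block form', system { $cmd[0] } @cmd);
}
```

When a command is built into an array at run time, the block form keeps the no-shell guarantee even if the array ends up with a single element.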