> Date: Wed, 9 Jul 1997 13:00:07 -0600
> From: Oliver Friedrichs <oliverf@SILENCE.SECNET.COM>
> > They are...
> >
> > ^ (acts as pipe under some shells)
> > \n (acts as shell delimeter)
> > \ (in the esc_chars version of the function, this allows \; to
> > be escaped as \\;, then unescaped by shell into \; again.)
> >
> > This should be somewhat distrubing as a rather fearful number of
> > people have read that document and only a very few have actually
> > noticed these oversights. I certainly hope the majority of programmers
>
> This is true, however in the context of this particular bug (Glimpse) this
> isn't the case. The reason for this being that open() in perl does not
> honour these escape characters.
I think perl just passes the string to the shell program (set at
compile time?) which is usually /bin/sh. So, most shells will
interpret a linefeed or semicolon as a command separator, and some may
take ^ as a pipe.
For example,
$ perl -e 'open FOO, "echo \$RANDOM\ndate\;id|"; print <FOO>;'
18773
Fri Jul 11 09:52:20 EST 1997
uid=500(mbp) gid=500(mbp) groups=...
- --
Martin Pool <m.pool@pharos.com.au>
Pharos Business Solutions
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: http://www.pharos.com.au/mbp/public_key.txt
iQB1AwUBM8V19Tr8By6pblTZAQEO1wL6A7LujtV5a0O6R1DiCQoGRkbjK0qUVNTY
5A8xZc4aZhHGBTpKIQp8k3mZB0TLoN4T8oqYoCq2AEcRUIo2N6DpZ330mRvujxtO
bell4Nae2XU4RIHOjCSIKrRA2j1duLe1
=Y0vB
-----END PGP SIGNATURE-----