Comments:
<0> kspath : ok
<1> suppaman: you have a few potential SQL injection vulnerabilities there.
<2> rindolf: i.e. ?
<3> "bryceb" at 68.185.198.77 pasted "instead of sending the $word to the subroutines, i just want to iterate through them" (25 lines, 560B) at http://sial.org/pbot/17649
<2> rindolf: this is a one-shot run script
<1> suppaman: OK.
<4> perlbot: karma camel
<5> camel doesn't have any karma
<4> perlbot: karma camels
<5> camels doesn't have any karma
<2> rindolf: the strange thing is it changed 20 e8 20 into 20 ef bf bd 20 (I included a leading and a trailing space)
<2> what kind of encoding is this ??
<6> i'm almost there... i just need a tiny bit more help to know how to pass a variable to the subroutine. see pasted code at http://sial.org/pbot/17649
<1> suppaman: maybe UTF-8?
<2> I think, but isn't UTF-8 16 bit ?
<7> suppaman: No. UTF-8 is a superset of ASCII.
<1> suppaman: no, UTF-8 is ASCII along with character escapes.
<4> UTF-16 is 16-but
<4> *bit
<8> sweet, they have GPS expansion boards
<4> UTF-32 is 32-bit, UTF-9 is 9-bit...
<9> Gads perlsec ****s! I have a totally empty PATH var and still get 'insecure $ENV{PATH"' wah!
<1> suppaman: where the characters above 128 are represented as multi-byte chars.
<7> Though some characters take 32 bits in UTF-16.
<1> scampbell: what's perlsec?
<1> Fennec: there's also UTF-7.
<1> UTF-9 was a joke RFC.
<9> perl security, the stuff it does to make sure setuid progs aren't dangerous.
<7> scampbell: Did you explicitly set $ENV{PATH} in your script? Test case?
<1> May be useful for PDP-10's, etc. but these systems are obsolete.
<4> rindolf: I know that :P
<9> yep, $ENV{'PATH'}=''; It's still insecure. I'm starting to think HP's perl port is buggy.
<10> scampbell: logic check?
<9> kspath: I don't understand the comment.
<7> Does $ENV{'PATH'} = '/bin' work any better?
<9> woggle: nope, actually tried exactly that.
<4> I really don't quite know what I'm talking about here, but maybe you need the path un-set before the Perl script itself is launched.
<2> I think I should force $content to be windows latin or mac roman (that I write into)
<4> utf8++
<11> $ENV{PATH} = "/tmp"; :)
<7> scampbell: And you cleared the other env. vars. perlsec talks about?
<12> $ENV{PATH} = "/bin" ought to do it, unless "/bin" is writable or someone has screwed with perl.
<2> Fennec: me ?
<9> I believe so. I have: delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
<2> shorten: http://www.brapi.net
<2> shorten is a bot, isn't it ?
<7> scampbell: And you're doing this first thing in your script?
<11> no - he's a guy working very hard.
<9> Yep, only thing in front is use strict and use warnings.
<2> merlyn: I asked as I wrote an url and he suddenly typed shorten suppaman's url is at http://xrl.us/m8bi
<9> I've got a short C program that pulls the actual user's name, does a setuid, calls the perlscript with the usersname as the first arg. It's really weird and frustrating.
<10> shorten: Who owns you?
<4> shorten [n=xrl@203.141.139.231.user.ad.il24.net]
<4> ircname : http://metamark.net/bot shortenbot/
<4> /whois is your friend
<9> I'm going to port it over to my linux box as a sanity check... I really am thinking hp borked the perl port.
<2> I'll go with Latin 1
<7> scampbell: Can you try putting a BEGIN { ... } block around it?
<2> Fennec: didn't think of whois..
<7> scampbell: (Just the %ENV fixing.)
<4> suppaman: be sure it's ISO-8859-1 instead of WINDOWS-1252
<9> Hmm, now this is weird. If, in my C wrapper, I call sudo (already as root) to start the script it works fine. I guess I better back up and see how I could possibly be munging this before I get to perl. setuid(0); exec ("blah","blah","option",NULL); is awfully clear though.
<2> Fennec: i'll be
<13> anyone know how difficult it might be to embed a perl interpreter in a java app, sort of like modperl with apache?
<11> perl goes into mandatory taint mode only if real uid != effective uid
<11> in sudo, those are the same
<11> only the hint of what happened in the env is the clue
<11> argh - bad construction of sentence there
<9> merlyn: ah, thanks. the sudo thing is just masking the problem then.
<1> jorvis: you'll need to create or find JNI bindings.
<1> jorvis: or use CORBA or whatever.
<2> I've got no Encode modules available
<13> I can find tons of tutorials online of how to do it in C
<10> scampbell: masking what problem?
<10> scampbell: than logical then time
<9> kspath: if sudo is preventing perl from realizing it should be in taint mode then I call that "masking the problem"
<10> jorvis: write a perl interpreter in java?
<4> jorvis: embed Perl into C, then embed C into Java with JNI.
<4> shouldn't be TOO hard. :P
<14> MySQL's 'INSERT ... ON DUPLICATE KEY UPDATE ...' rocks my socks off
<15> japhy: too bad it's not portable
<14> well, I'm only using mysql here.
<14> it's a work box.
<14> it's not for general consumption
<15> but then you start inserting text into int fields and mysql NULLs it
<15> then you're really in deep ****
<15> "japhy, what happen to the ____ data?"
<16> howdy folks.
<2> can I create an inline macro-statement ?
<2> I've got an or die statement and I'd like to add a print line before die, but if I do or { print "blah"; die it gives me an error
<11> that's because a block isn't an expression
<11> EXPR or EXPR
<11> it wants an expression
<11> do BLOCK is an EXPR though
<11> something_that_might_be_false or do { statement; statement; statement };
<2> merlyn: that sounds wonderful, thanks
<11> it's very important to keep what is and isn't an expression clear
<11> EXPR if EXPR; is a statement, not an EXPR
<11> which is why you can't nest them
<11> if larry had defined (as in basic+) that EXPR if EXPR is an EXPR, then you could have had nested items. But after seeing the abuse of that in BASIC+, larry wisely prevented that.
<12> How so?
<11> how is it an abuse?
<11> or how did larry prevent it? :)
<12> How was it abused?
<11> lots and lots of EXPR if EXPR while EXPR
<12> M.
<11> so that you really had to read your program bottom up
<12> Right, I see. Thanks.
<11> EXPR if EXPR is already a bit abusive, being a reverse of the normal control flow
<11> but it comes in so darn handy
<17> i have one problem, i have one file with certail records
<11> curtail?
<17> There is a number on certain line which needs to be read and added to the number in the same location on the following page as long as certain criteria is met
<11> certain?
<18> page?
<11> I have files with uncertain records. They need to see a therapist. :)
<11> yeah, what does "page" mean for a file?
<11> is this a PDF?
<17> no simple text the number is a simple number field
<17> after counting and adding i have to put the total on the first page
<19> probably craft an interesting re that delimits a "page" and another that finds the number. Then loop and sum.
<19> maybe a job for a templating system
<11> what is "page"?
<11> you keep saying that. :)
<17> so how can i track back to first page to add a total on that
<11> what defines a "page" in your file?
<20> merlyn: pageness
<11> pageitude!
<11> certain pageitude!
<19> piyush_patel: you could seek back
<17> a page is set of fields separated by page break char
<11> what is a page break char? ^L ?
<19> piyush_patel: you could also do a two passes
<19> or you could slurp and spit.
<20> merlyn: ^L or 60 lines since the last ^L or beginning of file.
<20> Duh :)
<11> you could do hundreds of passes. :)
<20> This is well defined and very common
<11> pass "test passed" for 1..100;
<11> how to get only 5% failure in your tests. :)
<20> print "$_ ok\n" for 1..rand 5e4;
<19> merlyn: this sounds like he's hunting for an implementation scheme
<11> Yeah - but I can't parse the problem well enough to help
<11> I really should be reading more email... :)
<17> cfedde: how two pass will do it?
<19> piyush_patel: if you go through the first time gathering the interesting bits of data. Then go through the second time updating the parts you collected in the first pass
<17> okeeeyyyyyyyyy