Comments:
<0> param*
<1> Korthrun: If you happen to be referring to parameters sent in the URL of a POST request, then see the url_param function of CGI.pm.
<0> woggle: I'll look at it now, thanks much
<0> woggle: is that new? I was pulling some of this from a template I made a few years ago
<2> Being that I'm not a Perl programmer, but can follow the same sort of practices as I would in C. In general would most experienced Perl programmers say that (#!/usr/bin/suidperl -wT) Is just as relatively "safe" as the equivalent C wrapper? (Meaning is it safe to make Perl script setgid) I'm getting mixed opinions from what I read online.
<1> codestrom: You should never invoke suidperl directly.
<1> codestrom: It will be invoked automatically if needed.
<3> I would recommend an OS that claims to have secure suid scripts.
<4> correct. early #! were spoofable
<0> I'm starting to think it's something with apache, because according to the CGI docs param() should work, as well as url_param() but neither do. though either work with GET :(
<3> anyway, perldoc perlsec
<5> The perldoc for perlsec - Perl security is at http://perldoc.perl.org/perlsec.html
<1> codestrom: Perl setuid emulation has had two local root exploits in the past, but the current implementation has no known flaws now.
<2> woggle: in general is setgid something a perl programmer would "trust" or more likely do a C wrapper? I'm really trying to keep the build process on this project as clean as possible
<6> codestrom: Personally, I wouldn't feel comfortable with it
<2> buubot: thanks
<6> codestrom: Using suidperl, that is
<1> I think the current perl setuid emulation does the correct thing, and it certainly does the correct thing on systems with proper setuid script support. But the past security record may make you uncomfortable with using sperl.
<2> revdiablo: so would you do C wrapper or another way?
<6> codestrom: I've used sudo happily
<2> revdiablo: sudo == log spam and other disadvantages..
<7> damn
<7> pg rocks so hard.
<3> log spam? I wouldn't call it spam.
<8> pg ?
<6> codestrom: Well, do what you need to. I'm just explaining my preferences
<2> revdiablo : sure and I appreciate that.. I was just wondering if you had a different outlook on the sudo + filling logs
<2> ayrnieu : define log spam then? :)
<3> codestrom - something that isn't /var/log/secure
<3> if you find that you can't read that effectively, some kind of... log... reading... tool might help.
<2> ayrnieu: I can define that stuff and where things all go, but 10k entries of xyz perl script exec is of little interest in and of itself
<4> yeah, you'll need some sort of tool that can process text well, maybe looking for patterns.
<4> Gosh. I wonder where we're gonna get one of those?
<6> Someone should write a language that is good for that
<3> codestrom - until someone exploits your perl script :-)
<9> Gooooood morning!
<2> ayrnieu : exactly.. that's the difference.. :P
<4> maybe something that can practically extract text, looking for and reporting items... some language like that.
<10> merlyn: if only someone would WRITE such a thing!
<2> ayrnieu: but a false positive rate of 99.99% isn't good
<3> anyway, 10k lines of the same thing but with unimportant differences is just as hard to read as 10 lines, with cleverness.
<6> merlyn: Jeez you'd think someone would have thought of that 20 years ago
<4> Yeah, or maybe 19 years ago. :)
<10> they'd be up to version 6 by now!
<4> Well, maybe just working on version 6
<11> merlyn: Something practical, that can extract stuff and report on it would be perfect.
<4> or they could use it to pathologically eclectically list rubbish too
<11> Sure, in a realtive sort of way.
<3> that's always the case, merlyn.
<11> relative
<11> My wife and son both passed the Technician class ham test today.
<11> Yay.
<6> Yaakov: Oh no, what have you done!
<3> Yaakov has rendered his family into technical ham!
<2> That's for the tainted input guys.. later
<11> I have five more to get licensed.
<2> s/That's/thanks
<6> ayrnieu: It's peeeeeeople!
<11> It will take a while.
<6> Heh, he called our input tainted.
<10> ($input) = $input =~ /(.*)/ # phew, we're safe
<6> You dirty taint dodger
<3> Botje! What if there was a "/destroy world" in that?
<10> where there's a will, there's a way, so the world would be destroyed anyway. no use fighting it
<6> He's a nihilist!
<3> shrug your shoulders and be weaponized.
<6> "We believe in nothing, Lebowski. We ****s you up"
<12> where do you take that test Yaakov?
<12> I've always thought the FCC were slightly naziish
<3> underdawg - they hardly ever invade Poland.
<11> It is all volunteer now, completely distributed.
<11> Hams do the testing.
<3> ah, sweet anarchy.
<6> Hams testing hams?
<12> i never really got into it
<6> That sounds vaguely incestuous
<3> sheep will shear sheep, soon.
<12> I have a ham radio but when i bought it it was hacked into a cb radio
<11> Yes but with all sorts of paperwork.
<12> still broadcasts WAY over the limit :D
<3> I should get a CB...
<12> there should be a programming channel
<12> on CB
<12> or like... teamspeak
<6> Talking about programming over the radio?
<11> There is a #ham_radio, but I don't know of an IRC Net on the air.
<3> we're still lacking in localized internet.
<11> I wrote a perl module for IRLP. It's really just a crap wrapper.
<11> That is, it wraps the crap that IRLP provides.
<11> But, it works--and makes writing IRLP applications easier.
<11> GumbyBRAIN: ham radio
<13> Yaakov: If you think it prefers ^z on a mexican, radio!
<10> GumbyBRAIN: pork radio
<13> Botje: the end of a chair, for i had similar troubles.
<11> GumbyBRAIN: ham radio
<13> Yaakov: ham radio.
<14> GumbyBRAIN: Jews did WTC.
<13> ew73: Jews did wtc http://www.jewdidwtc.com.
<14> Awesome.
<3> GumbyBRAIN: Jews did wtc is brought to you by idiot spammers and primitive hate
<13> ayrnieu: Hate is no error.
<11> GumbyBRAIN: design a new form of hope and sell it on ebay
<13> Yaakov: how do you know of any decent parent should teach it how to design and insisted upon than the pope, by way of a new scripter with something.
<11> GumbyBRAIN: mail order bride
<13> Yaakov: Andi is like the order of the bride, when, through thirst of gold, and settling in peace with my sensitive information.
<11> GumbyBRAIN: phreaking, phishing and pharming in the Philippines.
<13> Yaakov: It is now, doing all of the sixth and seventh magnitude were conspicuous, that, at the prefecture, a full refund of the phishing attempts i succeeded in reaching me.
<11> GumbyBRAIN: beloved Andi
<13> Yaakov: Andi is like sausage...
<11> Engimatic.
<11> Enigmatic.
<14> GumbyBRAIN: Did you do WTC?
<13> ew73: Who did you do wtc?
<11> GumbyBRAIN: beloved Andi
<11> oops, misfire.
<11> GumbyBRAIN: beloved Andi
<13> Yaakov: Andi is the only bit of logic needs to be executable.
<11> GumbyBRAIN: bride sausage
<13> Yaakov: Mac users, do not go fer trubble dat bug - you mus git him for sausage.
<11> Hm.
<11> GumbyBRAIN: bride sausage
<13> Yaakov: beloved sausage.
<15> heh our week email got smalled with 11,000 emails
<6> s/(\d+\.\d+)$/sprintf"%d",$1/ge
<15> *work
<6> Hooray for /e
<15> hrm, haven't seen /e
<6> I guess I could've just done s/(\d+)\.(\d+)$/$1/
<6> kilohurt: It evaluates the 2nd part of s/// as Perl code, instead of just a string
<11> /e is fun, yet scary.
<16> It's like eval()ing chocolate pudding upside down.
<17> useful for lots of ****
<11> buippnd?
<4> especially the /ee version, discovered accidentally, and immortalized in a JAPH of mine
<4> ... http://www.stonehenge.com/merlyn/UnixReview/col20.html
<17> merlyn: what does /ee do?
<6> It was discovered accidentally?
<4> it runs eval twice
<6> ee evals twice, of course
<3> revdiablo - yes. Perl is a land of discovery.
<17> haha
<4> in fact, near the end of that column, I motivate "ee" for real usage.
<6> ayrnieu: Full of language features that spontenously emerge? =)
<6> Spontaneously even
<16> (soft refs inside soft refs)++
<6> eieio
<6> Haha, oh my.
<11> Eie::IO
<18> evening all
<15> revdiablo: ahhh very cool