PEPPLER.ORG
Michael Peppler
Sybase Consulting
Menu
Home
Sybase on Linux
Install Guide for Sybase on Linux
General Sybase Resources
General Perl Resources
Freeware
Sybperl
Sybase::Simple
DBD::Sybase
BCP Tool
Bug Tracker
Mailing List Archive
Downloads Directory
FAQs
Sybase on Linux FAQ
Sybperl FAQ
Personal
Michael Peppler's resume

sybperl-l Archive

Up    Prev    Next    

From: Rakesh Dinger <dinger_rakesh at jpmorgan dot com>
Subject: Re: Executing sql statements stored in a file
Date: Sep 17 1997 7:44PM

Michael Peppler wrote:
> > ==>  Insecure dependency in system while running setuid at /dev/fd/3 line 281,
> >       chunk 13.
> 
> You should be able to fix that by using an absolute path to isql (ie
> something like 
> 
> system ("/usr/local/sybase/bin/isql -Usa -S$SVR -P$PWD -i $PROCFILE");
> 

Paul S R Chisholm wrote:
> > ==>  Insecure dependency in system while running setuid at /dev/fd/3 line 281,
> >       chunk 13.
 
> Try setting PATH to a fixed value, e.g., '/usr/bin:/opt/sybase/bin",
> instead of inheriting it from the environment? (If it works, please
> tell the Sybperl list.)

I tried both approaches and found that it works only when all the values are
hard-coded: whenever it encounters a variable, it complains. Hardcoding all
the values is not pratical especially when $SVR and $PWD are variables.


Eventually, I wrote the whole isql statement to a temporary file, chmoded to 700
and then executed it via system. It worked.

$SS1="$ENV{SYBASE}/bin/isql -Usa -S$f2 -P$f6 -I/tmp/interfaces -i$SQLFILE";
$SQLFILE="/tmp/stprocs.sql";
open (TMPSQL, ">$SQLFILE");
print (TMPSQL $SS1);
close (TMPSQL);
chmod 0700, "$SQLFILE";
$status1 = system ("$SQLFILE");


Thanks to Paul and Michael for their suggestions.


Cheers 

Rakesh

Phone : 212 235 4529		Email : dinger_rakesh@jpmorgan.com