|
|
sybperl-l Archive
Up Prev Next
From: Rakesh Dinger <dinger_rakesh at jpmorgan dot com>
Subject: Re: Executing sql statements stored in a file
Date: Sep 17 1997 7:44PM
Michael Peppler wrote:
> > ==> Insecure dependency in system while running setuid at /dev/fd/3 line 281,
> > chunk 13.
>
> You should be able to fix that by using an absolute path to isql (ie
> something like
>
> system ("/usr/local/sybase/bin/isql -Usa -S$SVR -P$PWD -i $PROCFILE");
>
Paul S R Chisholm wrote:
> > ==> Insecure dependency in system while running setuid at /dev/fd/3 line 281,
> > chunk 13.
> Try setting PATH to a fixed value, e.g., '/usr/bin:/opt/sybase/bin",
> instead of inheriting it from the environment? (If it works, please
> tell the Sybperl list.)
I tried both approaches and found that it works only when all the values are
hard-coded: whenever it encounters a variable, it complains. Hardcoding all
the values is not pratical especially when $SVR and $PWD are variables.
Eventually, I wrote the whole isql statement to a temporary file, chmoded to 700
and then executed it via system. It worked.
$SS1="$ENV{SYBASE}/bin/isql -Usa -S$f2 -P$f6 -I/tmp/interfaces -i$SQLFILE";
$SQLFILE="/tmp/stprocs.sql";
open (TMPSQL, ">$SQLFILE");
print (TMPSQL $SS1);
close (TMPSQL);
chmod 0700, "$SQLFILE";
$status1 = system ("$SQLFILE");
Thanks to Paul and Michael for their suggestions.
Cheers
Rakesh
Phone : 212 235 4529 Email : dinger_rakesh@jpmorgan.com
|
