How does Perl CGI code make it possible to "shell out" to the OS? I'm sure it ca... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		_kst_ on May 14, 2014 \| parent \| context \| favorite \| on: Passwords for JetBlue accounts cannot contain a Q ... How does Perl CGI code make it possible to "shell out" to the OS? I'm sure it can do so if the application isn't coded carefully, but how difficult is it to avoid doing the equivalent of passing user input to eval()?

area51org on May 15, 2014 [–]

It's not hard to avoid that, but in the nascent days of the web, few people were thinking that way. We were naive in our code. Sloppy, quickly written Perl was the norm.

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact