#!/usr/bin/perl5.003 -T # # Listing 1. # # A simple Internet server that invokes finger and returns the # output to a Web browser. To access the server create a bit # of HTML that looks like this: # # <form method = GET action = http://HOSTNAME:7654/> # <input NAME = "user"> # </form> # # where HOSTNAME is the name of the machine on which you're running # the server. Enter the name of the user that you want to finger in # the text input field and hit carriage return. # require 5.002; use strict; use Socket; my( $proto, $port ); # Signal handler to get zombie processes. $SIG{CHLD} = sub { wait }; # Untaint PATH $ENV{PATH} = '/bin:/usr/bin'; # Create an Internet TCP socket. $port = 7654; $proto = getprotobyname( 'tcp' ); socket( S, AF_INET, SOCK_STREAM, $proto ) or die "socket:$!"; # Name the socket (bind it to an address). bind( S, sockaddr_in( $port, INADDR_ANY)) or die "bind:$!"; # Listen for client connections. listen( S, 5 ); # Loop indefinitely, accepting connections # as they arrive and forking a new process # to handle the request. for(; accept(NS,S); close NS ) { my $pid; if(!defined($pid = fork)) { die "Fork failed:$!"; } if ($pid) { print "Fork worked\n"; } elsif ($pid == 0) { # In the child process. close S; # Look for the user name in the HTTP GET request and # return the output of finger on this host for that # user. while (<NS>) { if($_ =~ /^GET/) { my($comm,$tag,$user,$http); ($comm,$tag,$user,$http) = split /[ =]/, $_; open(STDOUT, "+>&NS") || die "open:$!"; select(STDOUT); $| = 1; print "HTTP/1.0 200 OK\n"; print "MIME-Version: 1.0\n"; print "Content-Type: text/plain\n\n"; # Secure use of exec exec "/usr/bin/finger", $user; } } exit; #Child process should exit } } exit;