Let's cover the convenience part first. If we want to have a Web page
that displays how long the server has been up and the current load
average, the exec command is helpful:
% exec /usr/bin/uptime
4:04pm up 29 days, 4:32, 3 users, load average: 0.61, 0.66, 0.63
To make an AOLserver Tcl page that returns this output, you need only
wrap the exec in an API call:
ns_return 200 text/plain [exec /usr/bin/uptime]
The photo sharing system at http://photo.net/photodb/ stores
user-uploaded content in the Unix file system and hence makes
extensive use of Unix commands to create directories, build thumbnails
of uploaded images, etc. Here are some examples of how the photodb
system uses exec:
# see how much disk space a user is consuming
set disk_usage [exec du -k $data_path]
# find out how large an uploaded image is (X-Y pixel size)
# by invoking the ImageMagick command "identify"
set identify_str [exec /usr/local/bin/identify -verbose $filename]
regexp {geometry: ([0-9]*)x([0-9]*)} $identify_str match image_x image_y
# create a thumbnail-sized image using the ImageMagick command "convert"
set result_status [exec /usr/local/bin/convert $filename -geometry $size_sm -quality 75 $filename_sm]
# remove a directory of user-uploaded images
if [catch { exec rm -f $path } errmsg] ...
eval or subst a cracker would have a shell on your Web server.
If you don't need to use exec, an easy solution to the problem is to
redefine it:
% proc exec args { return "happy happy joy joy" }
% exec cat /etc/passwd
happy happy joy joy
If you do need to use exec, at least make sure that your Web server is
running as an unprivileged user with limited authority to execute Unix
programs. Depending on your publishing requirements and choice of Web
server, it may be possible to run the Web server in a chroot()
environment (this is very easy with AOLserver 3.0). This changes the
root directory as far as the Web server is concerned. Thus a Tcl
program running within the Web server will not be able to even look at
files or programs elsewhere on the computer.
If you decide to run chrooted, you will have to copy any programs that
you actually do need to exec so that they are underneath the Web
server's root directory.
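A middle ground between redefining exec to do nothing and leaving it
wide open, shown as an added example (not code from the original text
or from photodb): keep the built-in under another name and let exec run
only listed programs. The allowlist contents and the name real_exec are
assumptions of this example.

```tcl
# Programs this site is allowed to run. The paths are the ones shown in
# the snippets above; the list itself is an assumption of this example.
set allowed_programs {
    /usr/bin/uptime
    /usr/local/bin/identify
    /usr/local/bin/convert
}

# Move the built-in exec aside once (real_exec is a hypothetical name).
if {[llength [info commands real_exec]] == 0} {
    rename exec real_exec
}

proc exec {args} {
    global allowed_programs
    # The first word must be an allowlisted absolute path, so relative
    # names, exec switches and anything else are refused.
    set program [lindex $args 0]
    if {[lsearch -exact $allowed_programs $program] < 0} {
        error "exec refused: \"$program\" is not an allowed program"
    }
    # exec itself gives special meaning to arguments that start with
    # |, <, > or 2> and to a lone &; a file name of that shape would
    # otherwise be parsed as a pipe or redirection, not as a name.
    foreach arg [lrange $args 1 end] {
        if {[regexp {^[|<>]|^2>|^&$} $arg]} {
            error "exec refused: argument \"$arg\" looks like redirection"
        }
    }
    # Re-invoke the real command with the original word boundaries
    # (built with linsert so it also works on older Tcl versions).
    return [eval [linsert $args 0 real_exec]]
}

# Constructed calls showing what is run and what is refused.
foreach attempt {
    {/usr/bin/uptime}
    {cat /etc/passwd}
    {/usr/local/bin/identify -verbose >upload.jpg}
} {
    if {[catch {eval [linsert $attempt 0 exec]} result]} {
        puts "error: $result"
    } else {
        puts "ok: $result"
    }
}
```

Renaming only moves the built-in: code that can evaluate arbitrary Tcl
in the same interpreter can still call real_exec, so the unprivileged
user and chroot() advice applies regardless.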
More: http://www.tcl.tk/man/tcl8.4/TclCmd/exec.htm
This is the last of the main Tcl topics. For more information, check
out aolserver.com and the books referenced in this book.