Windows,ASSOC,FTYPE,.pl,.plx,.sh

on 12.10.2007 04:30:40 by Jim Carlock

In setting up Perl within a Windows OS, what's the best way to
configure Perl so that a Perl file can get run inside a cmd.exe
prompt, but without using ASSOC or FTYPE to configure things.

Once ASSOC and FTYPE are run, they configure HKLM inside the
registry which in turn makes the whole operating system realize
Perl is installed, and makes the operating system vulnerable to
various exploits.

I hope to run a Perl application/script only inside a specific
cmd.exe prompt, preferably one set up with a .cmd or .bat file,
that in turn does not allow anyone viewing a website to run Perl. In
other words, I seek to not allow the whole operating system to end
up with the global updates that commands, ASSOC and FTYPE, employ.

Does anyone know of a way to prevent ASSOC and FTYPE from making
a change to the registry? Or perhaps of another way other than
having to type in "Perl.exe printenv.pl"?

--
Jim Carlock
Doctors commonly tell people that there is NO known way to cure
pink-eye without using some sort of medication.
A Natural Cure For Many Forms Of Conjunctivitis
(A Natural Cure For A Variety Of Pink-eye)
http://www.associatedcontent.com/article/381336/saliva_a_natural_cure_for_conjunctivitis.html

Re: Windows,ASSOC,FTYPE,.pl,.plx,.sh

on 12.10.2007 04:59:05 by unknown

Post removed (X-No-Archive: yes)

Re: Windows,ASSOC,FTYPE,.pl,.plx,.sh

on 12.10.2007 11:30:10 by Ilya Zakharevich

[A complimentary Cc of this posting was NOT [per weedlist] sent to
Jim Carlock], who wrote in article <470edc56$0$9585$4c368faf@roadrunner.com>:
> In setting up Perl within a Windows OS, what's the best way to
> configure Perl so that a Perl file can get run inside a cmd.exe
> prompt, but without using ASSOC or FTYPE to configure things.

With 4DOS/4OS2/4NT, you could do this by

alias .pl perlexe.exe

or some such. AFAIK, this is not possible with CMD. IMO, an
extremely stupid limitation... You can make CMD look for .pl files on
PATH, but it would not know how to run them; you need to have a .cmd
wrapper for each .pl file on your system.

Hope this helps,
Ilya

Re: Windows,ASSOC,FTYPE,.pl,.plx,.sh

on 13.10.2007 04:04:41 by veatchla

Jim Carlock wrote:
> In setting up Perl within a Windows OS, what's the best way to
> configure Perl so that a Perl file can get run inside a cmd.exe
> prompt, but without using ASSOC or FTYPE to configure things.
>
> Once ASSOC and FTYPE are run, they configure HKLM inside the
> registry which in turn makes the whole operating system realize
> Perl is installed, and makes the operating system vulnerable to
> various exploits.
>
> I hope to run a Perl application/script only inside a specific
> cmd.exe prompt, preferably one set up with a .cmd or .bat file,
> that in turn does not allow anyone viewing a website to run Perl. In
> other words, I seek to not allow the whole operating system to end
> up with the global updates that commands, ASSOC and FTYPE, employ.
>
> Does anyone know of a way to prevent ASSOC and FTYPE from making
> a change to the registry? Or perhaps of another way other than
> having to type in "Perl.exe printenv.pl"?
>

So you want to install Perl on a windows server but do not want Perl
scripts to execute via the web. Correct?

What web server are you using? Would your security concerns be
addressed if you disassociate Perl within the web server configuration?
I know with IIS 6, Perl is not automatically enabled when you install
Perl, you must do extra configuration to enable Perl.

--

Len

Re: Windows,ASSOC,FTYPE,.pl,.plx,.sh

on 13.10.2007 21:07:09 by Jim Carlock

"l v" wrote...
: So you want to install Perl on a windows server but do not want
: Perl scripts to execute via the web. Correct?

Perl is already installed. I just want a fully enabled cmd prompt,
but I don't want to go through the GLOBAL changes that FTYPE and
ASSOC apply. Environmental variables are locally maintained within
a cmd prompt, meaning if you change one of those, they only affect
that particular cmd prompt and NONE of the others that are already
open and that open in the future. I'm wondering if there's a way to
get an association to take effect without GLOBALLY producing the
association.

It's 100% a problem to Windows NT and possibly Windows 9x. In effect,
it's more of learning how to work with a cmd prompt than it is
anything else. I was hoping someone within the Perl group dealt with it
in the past and knew of an answer.

I know how to configure httpd.conf to run Perl within an Apache web-
server (that's not what I'm dealing with).

Perl is installed, but ASSOC points the extensions to a handler that
does not handle anything, so typing in a Perl filename inside a cmd
prompt does not run the files. The cmd prompt needs to get configured
to make sure the PATH environmental variable points to a proper path,
and then to run the scripts... I think I need to dig into permissions
and reconfigure Apache with a different set of permissions. If
anyone has a link explaining configuring Apache permissions on a Windows
server, that would be kindly appreciated.

Thanks.

--
Jim Carlock
Swimming Pool, Spa And Water Feature Builders
http://www.aquaticcreationsnc.com/

Re: Windows,ASSOC,FTYPE,.pl,.plx,.sh

on 13.10.2007 21:14:58 by Jim Carlock

There a way to make the shebang work on a Windows system?

--
Jim Carlock
Swimming Pool, Spa And Water Feature Builders
http://www.aquaticcreationsnc.com/

Re: Windows,ASSOC,FTYPE,.pl,.plx,.sh

on 14.10.2007 00:26:57 by Ben Morrow

Quoth "Jim Carlock":
> Perl is already installed. I just want a fully enabled cmd prompt,
> but I don't want to go through the GLOBAL changes that FTYPE and
> ASSOC apply. Environmental variables are locally maintained within
> a cmd prompt, meaning if you change one of those, they only affect
> that particular cmd prompt and NONE of the others that are already
> open and that open in the future. I'm wondering if there's a way to
> get an association to take effect without GLOBALLY producing the
> association.

No.

> It's 100% a problem to Windows NT and possibly Windows 9x. In effect,
> it's more of learning how to work with a cmd prompt than it is
> anything else. I was hoping someone within the Perl group dealt with it
> in the past and knew of an answer.

However, it is not in any way a Perl (or perl) question, so please take
it elsewhere.

Ben

Re: Windows,ASSOC,FTYPE,.pl,.plx,.sh

on 14.10.2007 20:51:06 by Jim Carlock

"Ben Morrow" wrote:
: However, it is not in any way a Perl (or perl) question, so please
: take it elsewhere.

Hi, Ben,

It deals with Perl but not only Perl, and because it deals with PHP,
VB and many others, consider it specifically a Perl issue, as Perl
represents the only problem presented. If you don't know the answer,
trying to understand the problem might help, and if the answer still
remains elusive, trying to understand the problem again might help.
If the understanding presents itself, and an answer remains elusive,
searching and working through things helps. An answer exists and it
may exist for other programs as well. I'm still digging through it
all just not full-time.

--
Jim Carlock
Swimming Pool, Spa And Water Feature Builders
http://www.aquaticcreationsnc.com/

Re: Windows,ASSOC,FTYPE,.pl,.plx,.sh

on 15.10.2007 06:00:33 by veatchla

Jim Carlock wrote:
> "l v" wrote...
> : So you want to install Perl on a windows server but do not want
> : Perl scripts to execute via the web. Correct?
>
> Perl is already installed. I just want a fully enabled cmd prompt,
> but I don't want to go through the GLOBAL changes that FTYPE and
> ASSOC apply. Environmental variables are locally maintained within
> a cmd prompt, meaning if you change one of those, they only affect
> that particular cmd prompt and NONE of the others that are already
> open and that open in the future. I'm wondering if there's a way to
> get an association to take effect without GLOBALLY producing the
> association.
>
> It's 100% a problem to Windows NT and possibly Windows 9x. In effect,
> it's more of learning how to work with a cmd prompt than it is
> anything else. I was hoping someone within the Perl group dealt with it
> in the past and knew of an answer.
>
> I know how to configure httpd.conf to run Perl within an Apache web-
> server (that's not what I'm dealing with).
>
> Perl is installed, but ASSOC points the extensions to a handler that
> does not handle anything, so typing in a Perl filename inside a cmd
> prompt does not run the files. The cmd prompt needs to get configured
> to make sure the PATH environmental variable points to a proper path,
> and then to run the scripts... I think I need to dig into permissions
> and reconfigure Apache with a different set of permissions. If
> anyone has a link explaining configuring Apache permissions on a Windows
> server, that would be kindly appreciated.
>
> Thanks.
>

This has nothing to do with Perl and everything to do with your OS.

You could leave ASSOC set the way you want. However, since you have
severed the tie between your file extension and the Perl executable then
you must tell the command prompt what you want to do with the perl script
by issuing "perl script.pl".

Now if you don't like that, you can convert each of your Perl scripts into
a batch file by using pl2bat (if you are running Activestate's Perl).

Even then, I am not sure if it will work if FTYPE is not set correctly.
You are on your own.

--

Len

Re: Windows,ASSOC,FTYPE,.pl,.plx,.sh

on 15.10.2007 06:21:06 by veatchla

Jim Carlock wrote:
> There a way to make the shebang work on a Windows system?
>

Er, sort of. It does depend on ASSOC and FTYPE being configured correctly.

On a properly installed version of Perl a shebang of #!notepad will
open notepad when the perl script is executed.

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

d:\>assoc .pl
.pl=Perl

d:\>ftype Perl
Perl="D:\Perl\bin\perl.exe" "%1" %*

d:\>type 1.pl
#!perl

print "ok\n";

d:\>1.pl
ok

d:\>type 2.pl
#!notepad

print "ok\n";

d:\>2.pl
(notepad was started with the contents of 1.pl displayed.)

--

Len
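
An added example, not part of the original post or of Perl itself: a simplified Python model of the two-step lookup shown in the session above (`assoc` maps the extension to a file type, `ftype` maps the file type to a command template), plus perl's documented handling (perlrun) of a `#!` line that does not mention perl. The sample tables are constructed from that session, the function names are hypothetical, and only `%1` and `%*` are expanded (script names without spaces are assumed).

```python
import ntpath
import re

# Constructed sample input, modelled on the `assoc` / `ftype` session above.
ASSOC_OUTPUT = ".pl=Perl\n.txt=txtfile\n"
FTYPE_OUTPUT = 'Perl="D:\\Perl\\bin\\perl.exe" "%1" %*\n'


def parse_table(text):
    """Parse NAME=VALUE lines as printed by `assoc` or `ftype`."""
    table = {}
    for line in text.splitlines():
        name, sep, value = line.strip().partition("=")
        if sep and name:
            table[name.lower()] = value
    return table


def resolve(typed, assoc, ftype):
    """Command line launched for `script [args]`, or None without a handler."""
    script, _, args = typed.strip().partition(" ")
    file_type = assoc.get(ntpath.splitext(script)[1].lower())
    template = ftype.get(file_type.lower()) if file_type else None
    if not template:
        return None  # extension unknown, or file type has no open command
    # Simplified model: only %1 (the file) and %* (remaining arguments).
    fill = {"1": script, "*": args.strip()}
    return re.sub(r"%([1*])", lambda m: fill[m.group(1)], template).rstrip()


def shebang_redirect(first_line):
    """Program perl hands the script to, per perlrun: a #! line that
    contains neither "perl" nor "indir" names the program to run instead."""
    if not first_line.startswith("#!"):
        return None
    rest = first_line[2:].strip()
    if not rest or "perl" in rest or "indir" in rest:
        return None
    return rest.split()[0]
```

Here `.txt` maps to a file type with no `ftype` entry, which models an extension that points to "a handler that does not handle anything": `resolve` returns `None` and the script has to be started as `perl script.pl`.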

Re: Windows,ASSOC,FTYPE,.pl,.plx,.sh

on 15.10.2007 18:58:01 by Ron Bergin

On Oct 11, 7:30 pm, "Jim Carlock" wrote:
> In setting up Perl within a Windows OS, what's the best way to
> configure Perl so that a Perl file can get run inside a cmd.exe
> prompt, but without using ASSOC or FTYPE to configure things.

Use the full path, i.e.,
C:\perl\bin\perl.exe myscript
>
> Once ASSOC and FTYPE are run, they configure HKLM inside the
> registry which in turn makes the whole operating system realize
> Perl is installed, and makes the operating system vulnerable to
> various exploits.

What exploits are you referring to and which of those do you believe
are "fixed" by not having a FTYPE or ASSOC?

>
> I hope to run a Perl application/script only inside a specific
> cmd.exe prompt, preferably one set up with a .cmd or .bat file,
> that in turn does not allow anyone viewing a website to run Perl. In
> other words, I seek to not allow the whole operating system to end
> up with the global updates that commands, ASSOC and FTYPE, employ.

So, you want to run a perl script, but you don't want it to run Perl.
That doesn't make any sense.

How is a person that is just viewing your website going to arbitrarily
run Perl? They will only be able to run the cgi scripts that you
allow. So, it sounds like the real vulnerability may be with your
poorly written cgi scripts.
>
> Does anyone know of a way to prevent ASSOC and FTYPE from making
> a change to the registry? Or perhaps of another way other than
> having to type in "Perl.exe printenv.pl"?
>
> --
> Jim Carlock

Setting the FTYPE, ASSOC, and PATH ENV are merely conveniences.
Removing them will not fix any real or perceived vulnerabilities.