perlquestion
gildir
Fellow monks,
<P>
Recently I have made some experiments with Safe module, and that
induced one idea in my head. I will explain it on an example.
<P>
Imagine that you are writing public CGI service or some templating system
or whatever that includes perl code snippets. For speed optimizations you want
to compile that <i>public</i> perl code once and run it many times over.
Simple task so far, just use <code>my $sub = eval "sub { $code }";</code>.
But, what if user includes <code>open(P,"/etc/passwd"); print(<P>);</code> in his code?
<P>
One possible solution is still simple, use a Safe module to restrict <code>open</code> opcode
(as shown in [Safe module security and emebeded perl]).
But I want an open function to be accessible to user, for example to enable user include his own files
that are in his home directory, but nothing else.
<P>
And now the question:<BR>
Is there some way how to 'trap' some opcodes in perl, inspect arguments and then resume execution if everything is OK?
I seek funcionality very similar to Java sandbox. Can this be done in perl?
<P>
<SMALL>N.B. chroot is no solution. It will work for open, but not for other calls. For example it won't affect opening a socket to source server only in applet-like scenario.</SMALL>