We don't bite newbies here... much | |
PerlMonks |
comment on |
( [id://3333]=superdoc: print w/replies, xml ) | Need Help?? |
Fellow monks,
Recently I have made some experiments with Safe module, and that induced one idea in my head. I will explain it on an example. Imagine that you are writing public CGI service or some templating system or whatever that includes perl code snippets. For speed optimizations you want to compile that public perl code once and run it many times over. Simple task so far, just use my $sub = eval "sub { $code }";. But, what if user includes open(P,"/etc/passwd"); print(<P>); in his code? One possible solution is still simple, use a Safe module to restrict open opcode (as shown in Safe module security and emebeded perl). But I want an open function to be accessible to user, for example to enable user include his own files that are in his home directory, but nothing else.
And now the question: N.B. chroot is no solution. It will work for open, but not for other calls. For example it won't affect opening a socket to source server only in applet-like scenario. In reply to Perl sandbox by gildir
|
|