Re: Best practice for user-input in eval


Think about Loose Coupling
	PerlMonks

Re: Best practice for user-input in eval

by jbert (Priest)

on Dec 02, 2008 at 08:57 UTC ( [id://727333]=note: print w/replies, xml )

Need Help??

in reply to Best practice for user-input in eval

It's a hard problem to get right. As well as the Safe module the other comment refers to, you may want to look into OS-level permissions.

Assuming Linux, you may be interested in:

chroot;
running as a sandbox user-id which owns no files (and is a member of no other groups). (Clear out that user's home dir before each run);
ulimit and friends to control resource usage

And in this day and age, another good option is to do all this inside a hosted virtual machine. In particular, I know vmware allows you to have a disk which isn't persistent, i.e. all changes are reset on each boot.

Lastly, you said you need to allow users: "to input a perl expression or program and have it run over string."

That's a really unusual requirement. Is there any chance you could tell us why you need to do that? It's possible someone could think of an alternative approach which isn't as risky.

Comment on Re: Best practice for user-input in eval

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://727333]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others having an uproarious good time at the Monastery: (2)

As of 2024-04-26 02:28 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found