
Re^2: embedding a safe unescapable mini perl interpreter?

by iaw4 (Monk)
on Dec 31, 2011 at 05:49 UTC


in reply to Re: embedding a safe unescapable mini perl interpreter?
in thread embedding a safe unescapable mini perl interpreter?

thanks, everyone. A sandbox alone is not trustworthy enough.

the problem is intrinsically pretty bad. public internet. And I want one user to make up a question for another anonymous user to answer. (this also means that 'javascript as sandbox' won't work.)

User 1 inputs something like

$x=round(rand(),1); print "If x is $x, then what is x^2?";

User 2 may see

if x is 0.5, then what is x^2?

The '0.5' is obviously computed, based on what user 1 provided. I need to avoid user 1 inputting mischief.

Finally, user 1 receives back what the answer was that user 2 gave and can check whether it was correct. because answers are not algorithms (the way questions are), I can easily sanitize what user 2 provides.

Do I really have to write my own language and parser for this? no one else has?

regards, /iaw

Replies are listed 'Best First'.
Re^3: embedding a safe unescapable mini perl interpreter?
by ww (Archbishop) on Dec 31, 2011 at 12:39 UTC
    The little requirement that your project has to be multi-user may have merited mention in your OP.

    And as to your associated new question -- writing your own language -- I don't see how an eviscerated Perl can still provide even the functionality you've described. So maybe a new language has potential; maybe you simply need to code up a better sandbox; or maybe you should reconsider the design, aiming for a Q&A thread relying on users' machines for the computations.

Re^3: embedding a safe unescapable mini perl interpreter?
by RichardK (Parson) on Dec 31, 2011 at 13:56 UTC

    Well theoretically any Turing complete language is going to be a problem, as it cannot be proved to be secure.

    There's a really interesting presentation about these issues here: http://boingboing.net/2011/12/28/linguistics-turing-completene.html It's a keynote speech at the 28th Chaos Computer Congress (28C3) by Meredith Patterson on "The Science of Insecurity". I highly recommend it, it's definitely worth watching.

    So I think you have to write your own language, only including the functionality that is needed, and keeping it as simple as possible. Parse::RecDescent is a good place to start, it makes working with grammars quite easy :)

    The key issue is the complexity of the allowed expressions, if you can keep to a context-free grammar then you might get away with it. But my guess is that you will need to have a human in the loop to check and approve each submission before they go live.

      ok. thanks everybody.

      it looks like this is going to be a lot more effort than I thought it would be. pity and surprising. there should be a complete set of everything that can 'escape' into the sandbox---backquotes, system(), fopen(), etc.---or, better yet, a complete set of features known not to escape. all I wanted is a clear subset with string manipulation, numerical functions, STDOUT, and basic variables, and a set of functions I would enumerate as 'safe'. if that had existed, I could have sanitized the first user input, and then passed it to 'eval'. it may still be simpler to do this than to write my own little language.

      next, I will check out SafeEval, as described in http://www.daniweb.com/software-development/perl/code/216821
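
An added example, not code from any poster in this thread: a minimal version of the "write your own little language" route suggested above, using a hand-written recursive-descent parser in core Perl rather than Parse::RecDescent. The name `run_question`, the functions in `%FUNC`, the 500-character cap and the grammar itself (assignments, `print` of one double-quoted string, `+ - * /`, parentheses) are assumptions. User text is never passed to string `eval`, and with no loops or user-defined subs every question terminates.

```perl
use strict; use warnings; no warnings 'recursion';   # depth is bounded by the length cap
my %FUNC = (                # whitelist of callable functions (names are assumptions)
    rand  => sub { die "rand()\n" if @_; rand() },
    round => sub { die "round(x, 0..9)\n" unless @_ == 2 && $_[1] =~ /^\d$/;
                   sprintf("%.*f", $_[1], $_[0]) + 0 },
);
my %OP = ('+' => sub { $_[0] + $_[1] }, '-' => sub { $_[0] - $_[1] },
          '*' => sub { $_[0] * $_[1] }, '/' => sub { $_[0] / $_[1] });

sub run_question {          # one pass: no string eval, no loops, no user-defined subs
    local $_ = shift;
    die "input too long\n" if length($_) > 500;
    my (%var, $expr, $factor, $out);
    my $tok  = sub { my $re = shift; /\G\s*($re)/gc ? $1 : undef };
    my $need = sub { $tok->($_[0]) // die "expected $_[1] at offset " . (pos($_) // 0) . "\n" };
    $factor = sub {
        if (defined(my $n = $tok->(qr/\d+(?:\.\d+)?/))) { return $n + 0 }
        if (defined(my $v = $tok->(qr/\$\w+/))) { return $var{$v} // die "unset $v\n" }
        if (defined $tok->(qr/\(/)) { my $r = $expr->(); $need->(qr/\)/, "')'"); return $r }
        my $f  = $need->(qr/[a-z]+/, "a value");
        my $fn = $FUNC{$f} or die "function '$f' is not allowed\n";
        $need->(qr/\(/, "'('");
        my @args;
        until (defined $tok->(qr/\)/)) { $need->(qr/,/, "','") if @args; push @args, $expr->() }
        return $fn->(@args);
    };
    my $level = sub {       # builds one left-associative precedence level
        my ($next, $ops) = @_;
        sub { my $l = $next->();
              while (defined(my $op = $tok->($ops))) { $l = $OP{$op}->($l, $next->()) }
              $l } };
    $expr = $level->($level->($factor, qr{[*/]}), qr/[+-]/);
    until (/\G\s*\z/gc) {   # statement: print "text with $vars";  or  $var = expr;
        if (defined $tok->(qr/print\b/)) {
            my $s = substr($need->(qr/"[^"\\]*"/, "a string"), 1, -1);
            $out .= $s =~ s{(\$\w+)}{ $var{$1} // die "unset $1\n" }ger;
        } else {
            my $v = $need->(qr/\$\w+/, "assignment or print"); $need->(qr/=/, "'='");
            $var{$v} = $expr->();
        }
        $need->(qr/;/, "';'");
    }
    return $out // '';
}

# Constructed inputs: the question from the post, then one using a call it lists.
for my $q ('$x=round(rand(),1); print "If x is $x, then what is x^2?";',
           '$x = system("ls");') {
    my $shown = eval { run_question($q) };    # block eval: only traps the die
    print defined $shown ? "ok:       $shown\n" : "rejected: $@";
}
```

Anything outside the grammar fails to parse instead of being filtered, so there is no blacklist of "escaping" constructs to keep complete.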
