PerlMonks
Perl sandbox
by gildir (Pilgrim) on Nov 06, 2001 at 19:05 UTC ( [id://123587]=perlquestion )
gildir has asked for the wisdom of the Perl Monks concerning the following question:
Fellow monks,
Recently I have made some experiments with the Safe module, and that induced one idea in my head. I will explain it with an example. Imagine that you are writing a public CGI service or some templating system or whatever that includes Perl code snippets. For speed optimization you want to compile that public Perl code once and run it many times over. A simple task so far, just use my $sub = eval "sub { $code }";. But what if the user includes open(P,"/etc/passwd"); print(<P>); in his code? One possible solution is still simple: use the Safe module to restrict the open opcode (as shown in Safe module security and emebeded perl). But I want an open function to be accessible to the user, for example to enable the user to include his own files that are in his home directory, but nothing else.
And now the question:
N.B. chroot is no solution. It will work for open, but not for other calls. For example, it won't affect opening a socket to the source server only, in an applet-like scenario.
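
An added example (not part of gildir's post and not code from the Safe distribution) of the arrangement the post describes: the compartment keeps open masked, and the snippet gets one shared helper that reads files only under a single directory. The names read_user_file and compile_snippet, and the temporary directory standing in for the user's home, are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Safe;
use Cwd qw(realpath);
use File::Temp qw(tempdir);

# Constructed sample data: a temporary directory stands in for the user's home.
my $home = realpath(tempdir(CLEANUP => 1));
open(my $fh, '>', "$home/notes.txt") or die "setup: $!";
print $fh "hello from the user's own file\n";
close($fh);

# Hypothetical helper shared into the compartment in place of open().
# It returns the file contents, so the snippet never holds a filehandle.
sub read_user_file {
    my ($name) = @_;
    die "bad file name\n" unless defined $name && $name !~ /\0/;
    # realpath() resolves ".." and symlinks before the prefix check.
    my $real = realpath("$home/$name");
    die "access denied\n"
        unless defined $real && index($real, "$home/") == 0 && -f $real;
    open(my $in, '<', $real) or die "cannot open: $!\n";
    local $/;                       # slurp mode
    my $data = <$in>;
    close($in);
    return $data;
}

my $cpt = Safe->new;                # default opcode mask does not permit open
$cpt->share('&read_user_file');     # the only file access the snippet gets

# Compile an untrusted snippet once; the coderef can then be called many times.
sub compile_snippet {
    my ($code) = @_;
    my $sub = $cpt->reval("sub { $code }");
    return ($sub, $@);
}

for my $code (
    'return read_user_file("notes.txt")',         # inside the allowed directory
    'return read_user_file("../../etc/passwd")',  # escapes it: refused at run time
    'open(P, "/etc/passwd"); return join "", <P>' # open is trapped at compile time
) {
    my ($sub, $err) = compile_snippet($code);
    my $out = $sub ? eval { $sub->() } : undef;
    $err = $@ if $sub && !defined $out;
    chomp(my $msg = defined $out ? "ok: $out" : "refused: $err");
    print "$code\n  => $msg\n";
}
```

The path is checked and then opened in two steps, so the helper assumes the snippet author cannot swap a symlink into the directory between the two.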