Beefy Boxes and Bandwidth Generously Provided by pair Networks
Clear questions and runnable code
get the best and fastest answer

Re: Best practice for user-input in eval

by jbert (Priest)
on Dec 02, 2008 at 08:57 UTC ( #727333=note: print w/replies, xml ) Need Help??

in reply to Best practice for user-input in eval

It's a hard problem to get right. As well as the Safe module the other comment refers to, you may want to look into OS-level permissions.

Assuming Linux, you may be interested in:

  • chroot;
  • running as a sandbox user-id which owns no files (and is a member of no other groups). (Clear out that user's home dir before each run);
  • ulimit and friends to control resource usage
And in this day and age, another good option is to do all this inside a hosted virtual machine. In particular, I know vmware allows you to have a disk which isn't persistent, i.e. all changes are reset on each boot.

Lastly, you said you need to allow users: "to input a perl expression or program and have it run over string."

That's a really unusual requirement. Is there any chance you could tell us why you need to do that? It's possible someone could think of an alternative approach which isn't as risky.

  • Comment on Re: Best practice for user-input in eval

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://727333]
[ambrus]: ambrus's scratchpad
[ambrus]: Also, I was wrong, apparently you have to support both periodic and one-shot timers in an AnyEvent backend
[Corion]: ambrus: That looks deceptively simple, but maybe that's simply all that's needed. Which would be great! I hope I get to test it tomorrow, thanks!!
[choroba]: Hm, unrelated question.
[ambrus]: I added a timer implementation to ambrus's scratchpad as well, again the whole thing is completely untested and probably has more bugs than lines

How do I use this? | Other CB clients
Other Users?
Others imbibing at the Monastery: (9)
As of 2016-12-08 12:43 GMT
Find Nodes?
    Voting Booth?
    On a regular basis, I'm most likely to spy upon:

    Results (141 votes). Check out past polls.