Beefy Boxes and Bandwidth Generously Provided by pair Networks
XP is just a number

Re: Best practice for user-input in eval

by jbert (Priest)
on Dec 02, 2008 at 08:57 UTC ( #727333=note: print w/ replies, xml ) Need Help??

in reply to Best practice for user-input in eval

It's a hard problem to get right. As well as the Safe module the other comment refers to, you may want to look into OS-level permissions.

Assuming Linux, you may be interested in:

  • chroot;
  • running as a sandbox user-id which owns no files (and is a member of no other groups). (Clear out that user's home dir before each run);
  • ulimit and friends to control resource usage
And in this day and age, another good option is to do all this inside a hosted virtual machine. In particular, I know vmware allows you to have a disk which isn't persistent, i.e. all changes are reset on each boot.

Lastly, you said you need to allow users: "to input a perl expression or program and have it run over string."

That's a really unusual requirement. Is there any chance you could tell us why you need to do that? It's possible someone could think of an alternative approach which isn't as risky.

Comment on Re: Best practice for user-input in eval

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://727333]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others chanting in the Monastery: (7)
As of 2016-05-31 08:02 GMT
Find Nodes?
    Voting Booth?