Beefy Boxes and Bandwidth Generously Provided by pair Networks
Clear questions and runnable code
get the best and fastest answer
 
PerlMonks  

Re: Best practice for user-input in eval

by jbert (Priest)
on Dec 02, 2008 at 08:57 UTC ( #727333=note: print w/ replies, xml ) Need Help??


in reply to Best practice for user-input in eval

It's a hard problem to get right. As well as the Safe module the other comment refers to, you may want to look into OS-level permissions.

Assuming Linux, you may be interested in:

  • chroot;
  • running as a sandbox user-id which owns no files (and is a member of no other groups). (Clear out that user's home dir before each run);
  • ulimit and friends to control resource usage
And in this day and age, another good option is to do all this inside a hosted virtual machine. In particular, I know vmware allows you to have a disk which isn't persistent, i.e. all changes are reset on each boot.

Lastly, you said you need to allow users: "to input a perl expression or program and have it run over string."

That's a really unusual requirement. Is there any chance you could tell us why you need to do that? It's possible someone could think of an alternative approach which isn't as risky.

  • Comment on Re: Best practice for user-input in eval

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://727333]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (5)
As of 2016-06-29 02:10 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    My preferred method of making French fries (chips) is in a ...











    Results (366 votes). Check out past polls.