I have been thinking about this issue for a very very
What I need is some kind of perl sandbox. I have an irc bot (ta NET::IRC) that I run in a channel with friends. Certain commands that fetch data over the internet or let me view information from my server can only be executed by me. Which is fine, but a while ago I implemented an eval command. Which allows for a *lot* of fun from an irc terminal.
eval $eval = "blah";
Will have the bot send back "blah". Now this command is fine, as-long-as I'm the only one who can execute it. There is certainly more than one way to do bad stuff to a system :)
eval use LWP::Simple; get "http://some/really/big/file"
eval $eval = `cat /etc/passwd`
eval `rm *`;
So there is no problem if I prevent everyone else from using this command, which is simple. But given that most of my friends are now interested in learning perl, and would just love to try out their own one-liners while on irc, I would really like a safe way to allow its use.
The conclusions I have reached:taint checking wont work here, the idea is to be able to execute user given code
I need to prevent access to anything that can access system commands, open files, read memory, or transfer data over intra/internetworks, and cascade these into any modules that might be loaded
implement some kind of thread threshhold, so if the process runs for too long or uses too much cpu it dies
so at minimum I want to be able to manipulate text, and perform mathmatical operations - through allowing the full perl syntax
Given that only perl can parse perl
Do I have any options here?
Is there some kind of sandbox already out there?
I'm truly dreaming aren't I?