Beefy Boxes and Bandwidth Generously Provided by pair Networks
Welcome to the Monastery
 
PerlMonks  

Re: Question of safe data passing...

by lindex (Friar)
on Apr 27, 2001 at 19:01 UTC ( #76129=note: print w/ replies, xml ) Need Help??


in reply to Question of safe data passing...

Aright how bout writing a perl script that creates a DBI object for you and freezes it using Storable, but before it does this it reads a config file and looks to make sure the calling script and calling user are ok, if these conditions are met it then returns the freezed DBI object to STDOUT easly read in and thaw'ed by the calling script

Of course the perl script would have to be compiled and the binary outputed would have to be chmod'ed with no read access, as well as suid so that it could read the "root only read" config file.




lindex
/****************************/ jason@gost.net, wh@ckz.org http://jason.gost.net /*****************************/


Comment on Re: Question of safe data passing...
Download Code
Re: Re: Question of safe data passing...
by Rhandom (Curate) on Apr 27, 2001 at 19:17 UTC
    On to something here...

    Instead of just storing the DBI object, make a DBI wrapper object that every time you try any method it checks to see if $0 still matches the copy that it stored in itself somewhere. If it doesn't match then it dies out. This way, you wouldn't be able to spoof the script your running on.

    Er... uh.. will Storable cache a DBI object and allow you to reconnect at a later point?

    my @a=qw(random brilliant braindead); print $a[rand(@a)];

      Ahh, can't use $0 because then you could just exec the DSN wrapper with the name of a valid script and BAM you have the "frozen" DBI object.

      The DSN wrapper must find the name of its caller on its own. And it must get this information from none user corruptable data. So the idea of passing the DSN wrapper a pid and then have the wrapper check proc to make sure the pid matches a allowable script name is also out of the question.




      lindex
      /****************************/ jason@gost.net, wh@ckz.org http://jason.gost.net /*****************************/

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://76129]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others making s'mores by the fire in the courtyard of the Monastery: (8)
As of 2014-07-24 11:19 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My favorite superfluous repetitious redundant duplicative phrase is:









    Results (160 votes), past polls