http://www.perlmonks.org?node_id=558363


in reply to Completely removing a perl function.

What are you really trying to do? Who are you trying to prevent from accessing this function? As you can see from other posts, this is a security issue. Security problems have solutions, but we need to identify the problem before we can find the solution. Identifying the problem requires us to

  1. identify who/what needs to be protected ("What assets are you trying to protect?"), and to
  2. identify from whom/what it needs to be protected ("What are the risks to the assets?").

Could you elaborate on these topics? We can't help you devise a means of protection without clear information on them. What you told us is to be protected sounds too specific, and we have no information on that from which it should be protected.

Re^2: Completely removing a perl function.
by BUU (Prior) on Jun 29, 2006 at 19:40 UTC
    Honestly that was what I was trying to accomplish. I execute arbitrary perl and the only minor security hole is that shmget allows people to allocate shared memory that never goes away, which apparently has a negative effect when other processes later want shared memory.
      How is this arbitrary perl being submitted? Running the submission through =~ s/shmget/exit;/g would probably do the trick for web forms.
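
One way to make shmget unavailable to submitted code, added here as an example that is not from any poster in this thread: compile each submission inside a Safe compartment whose operator mask denies the System V shared-memory ops, so the call is rejected at compile time instead of being filtered out of the source text. The submission strings below are constructed samples, and the opmask restricts Perl ops only; it is one layer and does not replace OS-level resource limits on the process.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Safe;

# A compartment starts with Safe's default operator mask. The explicit
# deny() of the shared-memory ops makes the intent visible and keeps them
# blocked even if the mask is widened elsewhere with permit().
my $cpt = Safe->new;
$cpt->deny(qw(shmget shmctl shmread shmwrite));

# Constructed sample submissions (not taken from the thread).
my %submissions = (
    harmless => 'my $n = 0; $n += $_ for 1 .. 10; $n',
    uses_shm => 'shmget(0, 4096, 0600)',
);

for my $name (sort keys %submissions) {
    # reval() compiles and runs the string inside the compartment.
    # A denied op makes compilation fail, so none of the submission
    # runs; the reason is left in $@.
    my $result = $cpt->reval($submissions{$name});
    if ($@) {
        print "$name: rejected: $@";
    }
    else {
        print "$name: ok, returned $result\n";
    }
}
```

The harmless submission returns 55, and the one that uses shmget is rejected with a "trapped by operation mask" error before any of it executes.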