Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change

Re: Best practice for user-input in eval

by jbert (Priest)
on Dec 02, 2008 at 08:57 UTC ( #727333=note: print w/replies, xml ) Need Help??

in reply to Best practice for user-input in eval

It's a hard problem to get right. As well as the Safe module the other comment refers to, you may want to look into OS-level permissions.

Assuming Linux, you may be interested in:

  • chroot;
  • running as a sandbox user-id which owns no files (and is a member of no other groups). (Clear out that user's home dir before each run);
  • ulimit and friends to control resource usage
And in this day and age, another good option is to do all this inside a hosted virtual machine. In particular, I know vmware allows you to have a disk which isn't persistent, i.e. all changes are reset on each boot.

Lastly, you said you need to allow users: "to input a perl expression or program and have it run over string."

That's a really unusual requirement. Is there any chance you could tell us why you need to do that? It's possible someone could think of an alternative approach which isn't as risky.

  • Comment on Re: Best practice for user-input in eval

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://727333]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others contemplating the Monastery: (11)
As of 2016-10-21 13:49 GMT
Find Nodes?
    Voting Booth?
    How many different varieties (color, size, etc) of socks do you have in your sock drawer?

    Results (289 votes). Check out past polls.