Beefy Boxes and Bandwidth Generously Provided by pair Networks
more useful options

Re: Question of safe data passing...

by lindex (Friar)
on Apr 27, 2001 at 19:01 UTC ( #76129=note: print w/replies, xml ) Need Help??

in reply to Question of safe data passing...

Aright how bout writing a perl script that creates a DBI object for you and freezes it using Storable, but before it does this it reads a config file and looks to make sure the calling script and calling user are ok, if these conditions are met it then returns the freezed DBI object to STDOUT easly read in and thaw'ed by the calling script

Of course the perl script would have to be compiled and the binary outputed would have to be chmod'ed with no read access, as well as suid so that it could read the "root only read" config file.

/****************************/, /*****************************/

Replies are listed 'Best First'.
Re: Re: Question of safe data passing...
by Rhandom (Curate) on Apr 27, 2001 at 19:17 UTC
    On to something here...

    Instead of just storing the DBI object, make a DBI wrapper object that every time you try any method it checks to see if $0 still matches the copy that it stored in itself somewhere. If it doesn't match then it dies out. This way, you wouldn't be able to spoof the script your running on.

    Er... uh.. will Storable cache a DBI object and allow you to reconnect at a later point?

    my @a=qw(random brilliant braindead); print $a[rand(@a)];

      Ahh, can't use $0 because then you could just exec the DSN wrapper with the name of a valid script and BAM you have the "frozen" DBI object.

      The DSN wrapper must find the name of its caller on its own. And it must get this information from none user corruptable data. So the idea of passing the DSN wrapper a pid and then have the wrapper check proc to make sure the pid matches a allowable script name is also out of the question.

      /****************************/, /*****************************/

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://76129]
[Tux]: choroba++ # pm_cb_g also signals replies to posts, something#cbstream does not
[marto]: good afternoon all
[marto]: that is a neat feature, I'll have to have a look at how it displays that
[Tux]: 14:32 Europe/Amsterdam, so good afternoon to you :)
[marto]: 13:32, sunny Glasgow :P
[Tux]: as in, some others might appreciate a good morning or goor evening
[Tux]: Glasgow, as in TPCiG-2018 !!!! :) :)
erix would rather appreciate proof of a goodmorning
[marto]: Tux so I'm told :)

How do I use this? | Other CB clients
Other Users?
Others surveying the Monastery: (11)
As of 2017-09-22 12:33 GMT
Find Nodes?
    Voting Booth?
    During the recent solar eclipse, I:

    Results (263 votes). Check out past polls.