gildir has asked for the wisdom of the Perl Monks concerning the following question:
I want to use the module Safe to restrict embedded Perl code to only a 'reasonable' set of operations. This embedded code is part of an XML templating system that was private, but now I want to give users a chance to modify their templates. But as the whole system runs in mod_perl with persistent DB connections, I do not want users to be able to access that DB connection or any other resources on the server system.
Hence the question: What opcodes would be reasonable to permit in such circumstances? Right now I have the set qw(:base_core :base_mem :base_loop print sprintf refgen padany gv), but I'm not sure especially about the 'padany' and 'gv' opcodes. I had to include them to allow things like my $foo; and the use of $_ in templates. Is there any security risk in permitting them?
The print operation is used for generating output, so it is needed. I have selected a tied filehandle that collects the output. That should be OK as long as I am not overlooking something.
refgen is also needed, because I pre-compile templates with
my $code = $compartment->reval("sub { ".$templateCode." }");
and then run it (outside the compartment) with &$code. Is there some security risk in this setup?
Thanks for any help or comments.
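The setup described in the post, written out as an added example (not code from the original post): a Safe compartment with the opcode set given above, a tied filehandle that collects template output, and a check that templates using denied operations are rejected at compile time. The package and sub names (OutputCollector, compile_template, render) are assumptions chosen for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Safe;

# Tied filehandle that captures everything the template prints.
package OutputCollector;
sub TIEHANDLE { my ($class) = @_; my $buf = ''; return bless \$buf, $class }
sub PRINT     { my $self = shift; $$self .= join('', @_); return 1 }
sub PRINTF    { my $self = shift; my $fmt = shift; $$self .= sprintf($fmt, @_); return 1 }
sub output    { my ($self) = @_; return $$self }

package main;

# Compartment with the opcode set from the post; everything else is denied,
# so a template cannot compile open/system/require or touch the DB handle.
my $cpt = Safe->new('Template');
$cpt->permit_only(qw(:base_core :base_mem :base_loop print sprintf refgen padany gv));

# Compile the template body into an anonymous sub inside the compartment.
sub compile_template {
    my ($code) = @_;
    my $sub = $cpt->reval("sub { $code }");
    die "template rejected: $@" if $@ || ref $sub ne 'CODE';
    return $sub;
}

# Run the compiled sub outside the compartment, routing print into the collector.
sub render {
    my ($sub, @args) = @_;
    tie *COLLECT, 'OutputCollector';
    my $prev = select(*COLLECT);
    eval { $sub->(@args) };
    my $err = $@;
    select($prev);
    my $out = (tied *COLLECT)->output;
    untie *COLLECT;
    die "template failed: $err" if $err;
    return $out;
}

# A benign template: lexicals, a loop, sprintf and print all work (constructed input).
my $ok = compile_template('my $n = shift; for my $i (1..$n) { print sprintf("item %d\n", $i) }');
print render($ok, 3);

# Templates using ops outside the mask fail with "trapped by operation mask".
for my $bad ('open(my $fh, "<", "somefile")', 'system("true")', 'require DBI') {
    my $sub = eval { compile_template($bad) };
    print "denied: $bad -> $@" unless $sub;
}
```

Because the sub is compiled under the mask, it contains only permitted opcodes even though it later runs outside the compartment; the 'gv' permission only lets it reach globals in the compartment's own namespace, not the caller's.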