http://www.perlmonks.org?node_id=58260

tadman has asked for the wisdom of the Perl Monks concerning the following question:

Is it possible to turn Perl into a "multi-user" language using the Safe module? The idea is to allow user code to be loaded and executed in the context of a larger script, but that access would be strictly controlled and that the range of operators available would be limited to limit access. This would allow users to write quick macros, math functions, and the like, without being able to run system commands, create files, trash global variables, etc.

Safe understandably carries this disclaimer:
WARNING The authors make no warranty, implied or otherwise, about the suitability of this software for safety or security purposes.
Is this because Safe isn't really safe, or is this just an obligatory disclaimer? Is it theoretically secure, at least?

I understand that this might be fundamentally a Bad Idea, but stripping down Perl seems a lot easier than writing a Perl-like scripting language from the ground up.
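A minimal illustration of the compartment the question describes, added here and not from the thread: a Safe compartment restricted to the Opcode ':base_core' and ':base_math' sets, so arithmetic macros compile but any snippet reaching for the shell or the filesystem is refused by the opcode mask at compile time, and the compartment's variables live in their own namespace rather than main::. The namespace name 'Calc', the helper names and the sample snippets are made up for the example.

```perl
use strict;
use warnings;
use Safe;

# Build a compartment whose opcode set is limited to arithmetic and basic
# control flow. ':base_core' and ':base_math' are opcode sets defined and
# documented by the Opcode module; permit_only() discards everything else.
sub make_calc_compartment {
    my $cpt = Safe->new('Calc');            # 'Calc' is the compartment's root namespace
    $cpt->permit_only(qw(:base_core :base_math));
    return $cpt;
}

# Compile and run one untrusted snippet inside the compartment and report
# either its value or the reason the opcode mask rejected it.
sub run_macro {
    my ($cpt, $code) = @_;
    my $result = $cpt->reval($code);        # compiled under the restricted mask
    return "rejected: $@" if $@;            # e.g. "'open' trapped by operation mask ..."
    return 'ok: ' . (defined $result ? $result : 'undef');
}

my $cpt = make_calc_compartment();

# A harmless macro: every opcode it needs (pow, add, sqrt) is permitted.
print run_macro($cpt, '2 ** 10 + sqrt(16)'), "\n";          # ok: 1028

# Snippets that would touch the filesystem or the shell never get to run;
# the compile step fails because 'open' and 'system' are not in the mask.
print run_macro($cpt, 'open(my $fh, "<", "/etc/passwd")'), "\n";
print run_macro($cpt, 'system("ls")'), "\n";

# Globals named inside the compartment resolve to Calc::, not main::,
# so the macro cannot clobber the host script's variable of the same name.
our $secret = 'main-only';
$cpt->reval('$secret = "clobbered"');
print "main::secret is still '$secret'\n";
```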

Re: How Safe is Safe::?
by sierrathedog04 (Hermit) on Feb 14, 2001 at 05:04 UTC
    Even if Safe:: were as impregnable as Blowfish it would still carry that disclaimer. No rational person would write software for free and include a warranty as to its fitness for which one could then be sued.

    If one wants a warranty for an open source product then one must purchase a commercial implementation of it which includes such a warranty, or for which the act of sale creates a legally-enforceable implied warranty.

      There is no commercial software product, to my knowledge, which warrants suitability or fitness for any purpose. Moreover, the warranties usually say something to the effect of "if this program causes your computer to burst into flames, impoverishes you, and gives you cancer, it ain't our fault."

      Commercial software warranties serve the purpose of disclaiming responsibility, not accepting it.

         MeowChow
                     s aamecha.s a..a\u$&owag.print
        That depends on who you're buying from/what your purpose is...

        Think Hospitals / Military / Government

        Languages like Haskell exist specifically so they can be proved correct. While Haskell, for instance, is a real pain to program in (from my short experience in class), you can take your time: we need to know that there really isn't someone taking off on that runway that the plane is about to land on. ;)

        -Lexicon

        Actually you have to warranty something. It is traditional to warranty the physical media that you shipped for a period (eg 90 days), under the theory that the majority of installation problems will be due to a bad CD.
Re: How Safe is Safe::?
by jepri (Parson) on Feb 14, 2001 at 13:02 UTC
    I actually tried something a little like this a while ago. I wanted to allow users to be able to run arbitrary code, somewhat similar to a MOO (Object-Orientated MUD (Multi-User Dungeon)). But I was using tied hashes to databases and it turned out to be completely impractical to allow them to do anything vaguely complicated (and therefore useful).

    From my brief experiments it seemed that if you want to allow them to program anything more than a pocket calculator, you'd be better off writing your own scripting language and interpreter. Alas I have found no trace of such a project in perl.

    If you need to allow a large number of vaguely-trusted users to run arbitrary scripts, I would recommend buying them a box, and giving them all limited shell accounts (or CGI execute permissions) and keeping the data they access on another machine, say a PostgreSQL server.

    SAFE seems to be a really excellent module, but you would have to be very skilled with the internal workings of perl to set it up right, and you would still be limited because you wouldn't be able to allow your users to call modules (which would almost certainly use banned codes), which is a very desirable thing. Apologies if I have overlooked some feature of SAFE which allows you to do the above, but I couldn't find it.

    ____________________
    Jeremy
    I didn't believe in evil until I dated it.

      John Ousterhout designed the Tcl language to be an embedded scripting language for use in other (e.g. Perl) applications. To embed Tcl in some other application apparently involves the use of a C compiler. It may even involve recompiling Perl itself.

      However, I have worked in a place where a group of young geniuses attempted to create their own scripting language, and anything would be better than that. I would get Ousterhout's book Tcl and the Tk Toolkit and go at it. About a third of the book is devoted to embedding Tcl in something else.

      An additional benefit of the book, which is a classic, is that since we Perlers use Tk in Perl/Tk and Ousterhout wrote Tk, we are learning from the master, so to speak.

Re: How Safe is Safe::?
by TheoPetersen (Priest) on Feb 14, 2001 at 06:47 UTC
    Does anyone remember Penguin? This seemed like a terrific idea at the time, making Perl into a Java-like language via Safe and a transport layer. But version 3.00 is almost four years old now with nary a peep.

    Anyone know of any plans to work on this or similar?