![]() |
|
Syntactic Confectionery Delight | |
PerlMonks |
Perl Sandbox - Revisitedby nashdj (Friar) |
on May 02, 2001 at 07:45 UTC ( [id://77228]=CUFP: print w/replies, xml ) | Need Help?? |
Thanks to some great replies to my last thread on this subject A perl sandbox?, I have been able to make some progress.
I have implemented a basic sandbox that will allow 100% of perl's syntax and 95% of the opcodes in what so far I have found to be a foolproof environment (no guarantees!).
The sandbox is broken up into two components: I came to the conclusion that spawning the seperate interpreter was the simplest way to ensure that any memory used was quickly retuned to the OS. I'm not particularly worried about any CPU spikes for less than a second. (I havent used the readmore tag before, I hope it worked. yes? good...) My only problem with the wrapper code is that it does not allow data to be recalled from the process if less than 254 bytes of data were printed before the process hits one second of cpu time (to make that more clear, this is in the event that it does reach one second). Which means print "hello"; {redo} will return " Exceeded CPU Time" rather than "Hello Exceeded CPU Time". But right now I am not too worried about that. Next is the actual script that maintains the Safe environment. I have gone through the list of opcodes and basically removed what *I* thought were not necessary, things like backticks, system, socket, etc... at present require is also not included.
This code simply sets up the environment, do(es) a file of perl source and then prints any errors before terminating (simple!).
I would really appreciate it if some of you might spare some time to look over this list, just to check that I havent included anything I shouldnt have. I have basically been through each opcode one at a time, checking in perldoc if I was unsure what they were used for. I am fairly confident that my list is correct.
Comments? - nashdj
Back to
Cool Uses for Perl
|
|