David Garamond <[EMAIL PROTECTED]> wrote:
> david wrote:
>> sub main::open{
>>     #-- testing purpose
>>     if($_[0] =~ m#^/#){
>>         die("Access under / not allowed\n");
>>     }else{
>>         open(FILE,$_[0]) || die $!;
>>         return FILE;
>>     }
>> }
>>
>> my $fh = &open('whatever');
>
> oh, i didn't know you could do that :-) cool. that's what i'm
> looking for.

Don't count on it working, though. :)

First of all, exporting an open() subroutine only affects one
package.  Normally it would be the caller, but here it's hard-coded
to main::.  This means the untrusted code would only have to do:

    package X;
    open FH, '>/not/going/to/get/checked'...

To sidestep the safety checks.  Or for a more innocuous-looking
example:

    my $fh = IO::File->new('/not/checked/either', '>');

And besides, open() is not particularly easy to override.  You'd
have to account for all of:

    open FH, $path;
    open FH, "> $path";
    open FH, ">", $path;
    open FH, ">", \$sstream;
    open FH, "command |";
    open FH, "| command";

And six corresponding versions where FH is an undefined scalar,
not a glob reference.  And there's this oddball:

    open $path;  # morphs $path into a filehandle

But *never* this:

    my $fh = open($path);

Anyway most people end up using filesystem permissions for
sandboxing, or chroot(), but you can try this:

    package Sandbox;
    sub import { *CORE::GLOBAL::open = \&open }
    sub open (*;$@) {
        # do your best
    }

And then invoke perl as

    $ perl -MSandbox script.pl

HTH

--
Steve

perldoc -qa.j | perl -lpe '($_)=m("(.*)")'
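
One way the "do your best" body in the reply above could be filled in, as an added example that is not code from the thread or from either poster. The names refuse, guarded_open and attempt, the constructed demo arguments, and the policy itself (refuse pipes, dups, absolute paths and ".." components; allow in-memory files) are assumptions made for illustration.

```perl
# Added example, not code from the thread. The policy below (no pipes, no
# dups, no absolute or ".." paths) is an assumption made for illustration.
package Sandbox;
use strict;
use warnings;
use Symbol ();

# Return a reason string if the open must be refused, undef if it may proceed.
# @_ is everything after the filehandle; forms not recognised are refused.
sub refuse {
    my ($mode, $target, @more) = @_;
    return 'open without a mode or path' unless defined $mode;
    return 'list-form open' if @more;
    if (@_ == 1) {                        # 2-arg form: mode is inside the string
        return 'pipe open' if $mode =~ /^\s*\|/ || $mode =~ /\|\s*$/;
        ($mode, $target) = $mode =~ /^\s*(\+?(?:>>|>|<))?\s*(.*?)\s*$/s;
        $mode = '<' unless defined $mode;
    }
    return 'pipe or dup open' if $mode =~ /[|&]/;
    return undef if ref($target) eq 'SCALAR';            # in-memory file
    return 'non-path target'
        if ref($target) || !defined $target || $target =~ /^(?:-|&.*)?$/s;
    return 'absolute path' if $target =~ m#^/#;
    return 'path containing ..' if grep { $_ eq '..' } split m#/+#, $target;
    return undef;
}

# Replacement for the builtin, with the same prototype as in the reply.
sub guarded_open (*;$@) {
    my $why = refuse(@_[1 .. $#_]);
    die "Sandbox: refused $why\n" if defined $why;
    if (defined $_[0]) {                  # bareword or an existing handle
        my $fh = Symbol::qualify_to_ref($_[0], scalar caller);
        return @_ == 2 ? CORE::open($fh, $_[1]) : CORE::open($fh, $_[1], $_[2]);
    }                                     # undefined scalar: open autovivifies it
    return @_ == 2 ? CORE::open($_[0], $_[1]) : CORE::open($_[0], $_[1], $_[2]);
}

# Stands in for "sub import" plus "perl -MSandbox" so this file runs alone.
BEGIN { no warnings 'once'; *CORE::GLOBAL::open = \&guarded_open }

package X;                                # not main, yet every open is checked
sub attempt { eval { $_[0]->(); 1 } ? "allowed\n" : "refused: $@" }
print(
    attempt(sub { open(FH, '>/not/going/to/get/checked') }),
    attempt(sub { open(my $p, 'constructed-command |') }),
    attempt(sub { open(my $u, '<', '../constructed-name') }),
    attempt(sub { open(my $m, '>', \my $buf) or die "$!\n"; close $m }),
);
```

This check does not resolve symlinks and leaves sysopen() untouched, which is why the filesystem permissions or chroot() mentioned in the reply remain the stronger control.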