#
# PerlSec.txt - Early definition of a Perl security model
# Grant Mongardi 02/23/2001
#
# Description:
# This file contains general thoughts and ideas for a
# Security model for Perl. It would likely be builtin
# to the binary, and would be a PERL run-time loaded
# configuration.
# This is an ALPHA version of this document.
The initial call was for a security model that would allow
Perl to decide if it is safe to perform certain low- or
OS-level actions. The intent was to allow some sort of
rules-based configuration to be loaded prior to script
parsing (sendmail's sendmail.cf was given as an example).
Some potential rules:
o Scripts are only executable if listed in 'perl.cf'
o Web/CGI scripts are listed in 'cgi.cf'
o Allowable modules listed in perl.cf and cgi.cf
o Ability to limit CPU, memory, disk (and nice?) (conditionally?)
o Ability to restrict command line flags
o Other specific conditionals (?):
  o Execute if $ENV{REMOTE_USER}/$user is defined/valid
  o no spawns or conditional
  o no system or conditional
  o no evals or conditional
  o filename write filtering (no .cgi, .pl, .sh, .tcl, ...)
  o filename read access (/etc, /var, maybe use regex)
  o IP lockouts
  o IP limits
  o Content-length limits (?)
  o always strict or conditional
  o DBI specific (conditional) (maybe this is overkill)
    o allow only SELECT to tables xxx
    o allow only UPDATE/ADD to tables xxx
    o no CREATE or conditional
    o no DELETE or conditional
    o no DROP or conditional
    o maybe SQL mapping or something (i.e., DROP -> RENAME?) etc.
o Other
  o mirrored passwd files (htaccess) (is this suid?)
  o perhaps a config file with no-no functions?
  o perhaps custom rules directives written in perl?
  o perhaps a .ini-style file with sections of rules.
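To make the rule ideas above concrete, here is an added illustration (not part of the original memo, and not any real perl.cf or cgi.cf format) of what the .ini-style variant could look like, together with a small Perl checker for five of the listed rule kinds: the script allow-list, the module allow-list, write filtering by filename extension, read filtering by path prefix, and a DBI-style allow-list of SQL verbs. The section and key names, the sample rules file and the test paths are all constructed for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample rules file in the .ini style the memo floats.
# Section and key names are this example's own invention.
my $rules_text = <<'END';
[scripts]
allow = /usr/local/bin/report.pl
allow = /var/www/cgi-bin/form.cgi

[modules]
allow = strict
allow = warnings
allow = DBI
allow = CGI

[write_filter]
deny_ext = cgi
deny_ext = pl
deny_ext = sh
deny_ext = tcl

[read_filter]
deny_prefix = /etc
deny_prefix = /var

[sql]
allow = SELECT
allow = UPDATE
allow = INSERT
END

# Parse "[section]" headers and "key = value" lines into a hash of lists,
# so a key may be repeated to build up an allow/deny list.
sub parse_rules {
    my ($text) = @_;
    my (%rules, $section);
    for my $line (split /\n/, $text) {
        next if $line =~ /^\s*(#|$)/;                 # skip comments and blanks
        if ($line =~ /^\s*\[(\w+)\]\s*$/) { $section = $1; next }
        die "rule outside a section: $line\n" unless defined $section;
        my ($k, $v) = $line =~ /^\s*(\w+)\s*=\s*(.*?)\s*$/
            or die "malformed rule: $line\n";
        push @{ $rules{$section}{$k} }, $v;
    }
    return \%rules;
}

# Every check returns 1 (permitted) or 0 (refused). A missing allow
# section refuses, so an empty or partial config grants nothing.
sub script_allowed {
    my ($r, $path) = @_;
    return 0 unless $r->{scripts}{allow};
    return (grep { $_ eq $path } @{ $r->{scripts}{allow} }) ? 1 : 0;
}

sub module_allowed {
    my ($r, $mod) = @_;
    return 0 unless $r->{modules}{allow};
    return (grep { $_ eq $mod } @{ $r->{modules}{allow} }) ? 1 : 0;
}

# Write filtering: refuse any path ending in a denied extension.
sub write_allowed {
    my ($r, $path) = @_;
    for my $ext (@{ $r->{write_filter}{deny_ext} || [] }) {
        return 0 if $path =~ /\.\Q$ext\E\z/i;
    }
    return 1;
}

# Read filtering: refuse the denied directory itself and anything under it.
sub read_allowed {
    my ($r, $path) = @_;
    for my $prefix (@{ $r->{read_filter}{deny_prefix} || [] }) {
        return 0 if $path eq $prefix || index($path, "$prefix/") == 0;
    }
    return 1;
}

# SQL: look only at the leading verb. Because this is an allow-list,
# CREATE, DELETE and DROP are refused simply by not being listed.
sub sql_allowed {
    my ($r, $stmt) = @_;
    my ($verb) = $stmt =~ /^\s*(\w+)/ or return 0;
    return 0 unless $r->{sql}{allow};
    return (grep { uc $_ eq uc $verb } @{ $r->{sql}{allow} }) ? 1 : 0;
}

my $rules = parse_rules($rules_text);
printf "%-36s %s\n", $_->[0], ($_->[1] ? 'allow' : 'deny') for (
    [ 'script /var/www/cgi-bin/form.cgi', script_allowed($rules, '/var/www/cgi-bin/form.cgi') ],
    [ 'script /tmp/unlisted.pl',          script_allowed($rules, '/tmp/unlisted.pl') ],
    [ 'module DBI',                       module_allowed($rules, 'DBI') ],
    [ 'module IPC::Open3',                module_allowed($rules, 'IPC::Open3') ],
    [ 'write /var/www/cgi-bin/new.cgi',   write_allowed($rules, '/var/www/cgi-bin/new.cgi') ],
    [ 'write /tmp/upload.txt',            write_allowed($rules, '/tmp/upload.txt') ],
    [ 'read /etc/passwd',                 read_allowed($rules, '/etc/passwd') ],
    [ 'read /home/web/data.txt',          read_allowed($rules, '/home/web/data.txt') ],
    [ 'sql SELECT * FROM users',          sql_allowed($rules, 'SELECT * FROM users') ],
    [ 'sql DROP TABLE users',             sql_allowed($rules, 'DROP TABLE users') ],
);
```

Two design points worth noting. First, every list is an allow-list with a refuse-by-default fallback, which is the cheaper direction to get right: a rule the author forgot to write refuses rather than permits. Second, the SQL check is deliberately crude (it inspects only the first keyword, so stacked statements or subqueries are not understood), and in the model the memo describes these checks would have to live inside the interpreter's own open/system/eval/DBI paths, loaded before script parsing, rather than in script code that the script could simply skip.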
That's all I have for now.
Grant M.