CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
INDEX
Search Posts SEARCH
POSTS
Who's Online WHO'S
ONLINE
Log in LOG
IN

Home: Perl Programming Help: Advanced:
is there any safe mode on perl ?

 



graziano68
Novice

Mar 10, 2003, 1:53 AM

Post #1 of 4 (1353 views)
is there any safe mode on perl ? Can't Post

Hello,

First of all , sorry for my english.
I am a newsbie to perl world (I am a php programmer) and I wish to ask you something about perl security.

I am providing hosting to some users and I noticed that there are some perl programs which permit to emulate an ssh/telnet (sending linux commands) via browser .

For example the "command" function on Gossamer File manager provides the user an ssh/telnet session via web .

Every user using the "command" function on Gossamer file , could use #cat /etc/passwd and then could browse each user
executing #ls /home/user/public_html and so on.., cacthing code and clean passwords between user accounts ....

There are similar programs (command line emulator via browser)
also in php (for example phpmyshell) ...however ,since this kind of programs could create security problems , with php there is the famous "php safe mode" that restrict the usage of "unix command" on a shared enviroments to the user directory .So , running the php safe mode , #cat /etc/passwd or any other linux command out of /home/user will never work .

Well , now my question is ..

Is there anything similar to php_safe_mode on perl ?
How could I be safe from program like Gossamer File manager
on a shared enviroment ?



Thanks a lot
Graziano


davorg
Thaumaturge / Moderator

Mar 10, 2003, 4:30 AM

Post #2 of 4 (1345 views)
Re: [graziano68] is there any safe mode on perl ? [In reply to] Can't Post

You might like to look at "taint mode" (details in "perlrun" and "perlsec") and also the "Safe" module.

--
Dave Cross, Perl Hacker, Trainer and Writer
http://www.dave.org.uk/
Get more help at Perl Monks


graziano68
Novice

Mar 10, 2003, 12:41 PM

Post #3 of 4 (1340 views)
Re: [davorg] is there any safe mode on perl ? [In reply to] Can't Post


In Reply To
You might like to look at "taint mode" (details in "perlrun" and "perlsec") and also the "Safe" module.



Hello

thanks , please may you tell me more details to set these modes on my perl configuration ?

For example with php to enable php safe mode , it's enough to modify a single line on my php.ini and restart apache . Nothing else .


May you tell me more ?

Thank you

Graziano


davorg
Thaumaturge / Moderator

Mar 11, 2003, 2:11 AM

Post #4 of 4 (1335 views)
Re: [graziano68] is there any safe mode on perl ? [In reply to] Can't Post

As I suggested previously, you should read the documentation.

perldoc perlrun
perldoc perlsec
perldoc Safe

--
Dave Cross, Perl Hacker, Trainer and Writer
http://www.dave.org.uk/
Get more help at Perl Monks

 
 


Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives