NAME¶
Paranoid - Paranoia support for safer programs
VERSION¶
$Id: Paranoid.pm,v 0.34 2012/05/29 21:40:51 acorliss Exp $
SYNOPSIS¶
use Paranoid;
$errMsg = Paranoid::ERROR;
psecureEnv("/bin:/usr/bin");
DESCRIPTION¶
This collection of modules started out as modules which perform things
(debatably) in a safer and taint-safe manner. Since then it's also grown to
include functionality that fit into the same framework and conventions of the
original modules, including keeping the debug hooks for command-line
debugging.
All the modules below are intended to be used directly in your programs if you
need the functionality they provide.
This module does provide one function meant to secure your environment enough to
satisfy taint-enabled programs, and as a container which holds the last
reported error from any code in the Paranoid framework.
SUBROUTINES/METHODS¶
psecureEnv¶
psecureEnv("/bin:/usr/bin");
This function deletes some of the dangerous environment variables that can be
used to subvert perl when being run in setuid applications. It also sets the
path, either to the passed argument (if passed) or a default of
"/bin:/usr/bin".
Paranoid::ERROR¶
$errMsg = Paranoid::ERROR;
Paranoid::ERROR = $errMsg;
This lvalue function is not exported and must be referenced via the
Paranoid namespace.
TAINT NOTES¶
Taint-mode programming can be somewhat of an adventure until you know all the
places considered dangerous under perl's taint mode. The following functions
should generally have their arguments detainted before using:
exec system open glob
unlink mkdir chdir rmdir
chown chmod umask utime
link symlink kill eval
truncate ioctl fcntl chroot
setpgrp setpriority syscall socket
socketpair bind connect
DEPENDENCIES¶
While this module itself doesn't have any external dependencies various child
modules do. Please check their documentation for any particulars should you
use them.
SEE ALSO¶
The following modules are available for use. You should check their POD for
specifics on use:
- o
- Paranoid::Args: Command-line argument parsing
functions
- o
- Paranoid::BerkeleyDB: OO-oriented BerkelyDB access with
concurrent access capabilities
- o
- Paranoid::Data: Misc. data manipulation functions
- o
- Paranoid::Debug: Command-line debugging framework and
functions
- o
- Paranoid::Filesystem: Filesystem operation functions
- o
- Paranoid::Glob: Paranoid Glob objects
- o
- Paranoid::Input: Input-related functions (file reading,
detainting)
- o
- Paranoid::Lockfile: Lockfile support
- o
- Paranoid::Log: Unified logging framework and functions
- o
- Paranoid::Module: Run-time module loading functions
- o
- Paranoid::Network: Network-related functions
- o
- Paranoid::Network::IPv4: General IPv4-related
functions
- o
- Paranoid::Network::IPv6: General IPv6-related
functions
- o
- Paranoid::Network::Socket: Wrapper module for Socket &
Socket6
- o
- Paranoid::Process: Process management functions
BUGS AND LIMITATIONS¶
If your application is sensitive to performance issues then you may be better
off not using these modules. The primary focus was on security, robustness,
and diagnostics. That said, there's probably a lot of room for improvement on
the performance front.
AUTHOR¶
Arthur Corliss (corliss@digitalmages.com)
LICENSE AND COPYRIGHT¶
This software is licensed under the same terms as Perl, itself. Please see
http://dev.perl.org/licenses/ for more information.
(c) 2005, Arthur Corliss (corliss@digitalmages.com)