Paranoid - Paranoia support for safer programs
$Id: Paranoid.pm,v 0.34 2012/05/29 21:40:51 acorliss Exp $
use Paranoid; $errMsg = Paranoid::ERROR; psecureEnv("/bin:/usr/bin");
This collection of modules started out as modules which perform things (debatably) in a safer and taint-safe manner. Since then it's also grown to include functionality that fit into the same framework and conventions of the original modules, including keeping the debug hooks for command-line debugging.
All the modules below are intended to be used directly in your programs if you need the functionality they provide.
This module does provide one function meant to secure your environment enough to satisfy taint-enabled programs, and as a container which holds the last reported error from any code in the Paranoid framework.
This function deletes some of the dangerous environment variables that can be used to subvert perl when being run in setuid applications. It also sets the path, either to the passed argument (if passed) or a default of "/bin:/usr/bin".
$errMsg = Paranoid::ERROR; Paranoid::ERROR = $errMsg;
This lvalue function is not exported and must be referenced via the Paranoid namespace.
Taint-mode programming can be somewhat of an adventure until you know all the places considered dangerous under perl's taint mode. The following functions should generally have their arguments detainted before using:
exec system open glob unlink mkdir chdir rmdir chown chmod umask utime link symlink kill eval truncate ioctl fcntl chroot setpgrp setpriority syscall socket socketpair bind connect
While this module itself doesn't have any external dependencies various child modules do. Please check their documentation for any particulars should you use them.
The following modules are available for use. You should check their POD for specifics on use:
Paranoid::Args: Command-line argument parsing functions
Paranoid::BerkeleyDB: OO-oriented BerkelyDB access with concurrent access capabilities
Paranoid::Data: Misc. data manipulation functions
Paranoid::Debug: Command-line debugging framework and functions
Paranoid::Filesystem: Filesystem operation functions
Paranoid::Glob: Paranoid Glob objects
Paranoid::Input: Input-related functions (file reading, detainting)
Paranoid::Lockfile: Lockfile support
Paranoid::Log: Unified logging framework and functions
Paranoid::Module: Run-time module loading functions
Paranoid::Network: Network-related functions
Paranoid::Network::IPv4: General IPv4-related functions
Paranoid::Network::IPv6: General IPv6-related functions
Paranoid::Network::Socket: Wrapper module for Socket & Socket6
Paranoid::Process: Process management functions
If your application is sensitive to performance issues then you may be better off not using these modules. The primary focus was on security, robustness, and diagnostics. That said, there's probably a lot of room for improvement on the performance front.
Arthur Corliss (firstname.lastname@example.org)
This software is licensed under the same terms as Perl, itself. Please see http://dev.perl.org/licenses/ for more information.
(c) 2005, Arthur Corliss (email@example.com)