in reply to Re: SOAP::Lite and Security (Phrack #58)
in thread SOAP::Lite and Security (Phrack #58)

I'm not sure if Safe really helps. Suppose you have two subs in your code. Both use open to read some files and return the data they have read. The first sub should be directly accessible via SOAP::Lite and the second should not. How can Safe help here?

The actual fix is to restrict the package and method names that can be called via SOAP::Lite.

--
Ilya Martynov (http://martynov.org/)
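
The name-based restriction described in the post above, sketched as an added example (not code from the thread or from SOAP::Lite itself). `Demo::Files`, its subs, the file paths and `resolve_call` are hypothetical names; the requests at the bottom are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical service package: both subs use open(), so an opcode mask
# cannot tell them apart. Only read_motd is meant to be remotely callable.
package Demo::Files;

sub read_motd   { return _slurp('/etc/motd') }
sub read_secret { return _slurp('/etc/demo-secret') }    # internal only

sub _slurp {
    my ($path) = @_;
    open my $fh, '<', $path or return "cannot open $path: $!";
    local $/;
    return scalar <$fh>;
}

package main;

# Allowlist keyed by exact package name, then exact method name.
my %ALLOWED = ( 'Demo::Files' => { read_motd => 1 } );

# Resolve a client-supplied (package, method) pair to a code reference,
# or die. The names are never used in a symbolic call or a string eval.
sub resolve_call {
    my ($package, $method) = @_;
    for my $name ($package, $method) {
        die "malformed name\n" unless defined $name && !ref $name;
    }
    # Plain identifiers only: no '::' qualification, no leading underscore.
    die "bad method name\n"     unless $method =~ /\A[A-Za-z]\w*\z/;
    die "package not exposed\n" unless exists $ALLOWED{$package};
    die "method not exposed\n"  unless $ALLOWED{$package}{$method};
    my $code = $package->can($method) or die "no such method\n";
    return $code;
}

# Constructed requests: the first is legitimate, the rest must be refused.
for my $req ( [ 'Demo::Files', 'read_motd' ],
              [ 'Demo::Files', 'read_secret' ],
              [ 'Demo::Files', 'Demo::Files::read_secret' ],
              [ 'main',        'resolve_call' ] ) {
    my $code = eval { resolve_call(@$req) };
    chomp( my $why = $@ );
    printf "%-12s %-26s %s\n", @$req, $code ? 'allowed' : "denied: $why";
}
```

`read_motd` can still call `_slurp` internally, because the check applies only to the name the client supplies, not to what the exposed method does once it runs.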


Replies are listed 'Best First'.
Re:**3 SOAP::Lite and Security (Phrack #58)
by belg4mit (Prior) on Dec 31, 2001 at 04:45 UTC
    Well, Safe restricts perlops *and* namespace access, so for that case you might put the second sub in a different package.

    --
    perl -pe "s/\b;([st])/'\1/mg"

      I haven't ever used Safe, but after reading its doc again I don't understand how execution of perlops can be limited in all packages except some of them (this is what you need in the case of SOAP::Lite).

      Anyway, even if it is possible, it still doesn't work. Suppose one method (which should be remotely accessible) uses another (which shouldn't be remotely accessible). You cannot forbid the perlops used by the second method because doing so breaks the first method.

      --
      Ilya Martynov (http://martynov.org/)

        Safe allows you to isolate code in a compartment. That code is in its own package and cannot access variables in other packages. You may restrict access to perlops on a per-compartment basis.

        --
        perl -pe "s/\b;([st])/'\1/mg"