in reply to Re: Re: SOAP::Lite and Security (Phrack #58)
in thread SOAP::Lite and Security (Phrack #58)

Well, Safe restricts perlops *and* namespace access, so for that case you might put the second sub in a different package.

--
perl -pe "s/\b;([st])/'\1/mg"

Re: Re: Re: Re: SOAP::Lite and Security (Phrack #58)
by IlyaM (Parson) on Dec 31, 2001 at 05:24 UTC
    I haven't ever used Safe, but after reading its doc again I don't understand how execution of perlops can be limited in all packages except some of them (this is what you need in the case of SOAP::Lite).

    Anyway, even if it is possible, it still doesn't work. Suppose one method (which should be remotely accessible) uses another (which shouldn't be remotely accessible). You cannot forbid perlops used by the second method because doing it breaks the first method.

    --
    Ilya Martynov (http://martynov.org/)

      Safe allows you to isolate code in a compartment. That code is in its own package and cannot access variables in other packages. You may restrict access to perlops on a per-compartment basis.

      --
      perl -pe "s/\b;([st])/'\1/mg"

        I've read the Safe docs and I have an idea how it works. I just don't get how it can help SOAP::Lite.

        In the case of SOAP::Lite you have several subs in different packages which should be remotely accessible. Note that these subs can themselves call other subs which should not be remotely accessible. That's OK. The problem is that SOAP::Lite doesn't provide a means to restrict the list of remotely accessible subs. Basically you can call any existing subroutine in any package via SOAP::Lite.

        This problem is not related to restricting perlops. It is about creating a restriction on the subs which can be remotely called. And it is not a job for Safe to build and check the list of subroutines allowed to be called remotely. It is a job for SOAP::Lite itself.

        --
        Ilya Martynov (http://martynov.org/)
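
The restriction described in the last post, sketched as an added example (not code from the thread or from SOAP::Lite): a dispatcher that resolves remote calls only through an explicit allow-list, so a public sub can still call a helper that is not itself remotely callable. The `Inventory` package, `%EXPORTED` and `dispatch` are hypothetical names, and no SOAP::Lite API is used.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical service package: one sub meant for remote callers, one helper.
package Inventory;

sub get_price {                      # intended to be remotely callable
    my ($item) = @_;
    return _lookup($item) * 1.2;     # the public sub may freely call the helper
}

sub _lookup {                        # internal only; must not be reachable remotely
    my ($item) = @_;
    my %cost = (widget => 10, gadget => 25);   # constructed sample data
    return $cost{$item} // 0;
}

package main;

# Explicit allow-list: "Package::method" => code reference.
# Only the entries listed here can be reached from a request.
my %EXPORTED = (
    'Inventory::get_price' => \&Inventory::get_price,
);

# dispatch() never turns request data into a sub name to call (no symbolic
# references); the request is used only as a key into the allow-list.
sub dispatch {
    my ($package, $method, @args) = @_;
    my $code = $EXPORTED{"${package}::${method}"}
        or die "method not exported: ${package}::${method}\n";
    return $code->(@args);
}

# Constructed sample requests: (package, method, arguments).
for my $req (['Inventory', 'get_price', 'widget'],
             ['Inventory', '_lookup',   'widget'],
             ['main',      'dispatch',  'x']) {
    my ($pkg, $meth, @args) = @$req;
    my $result;
    if (eval { $result = dispatch($pkg, $meth, @args); 1 }) {
        print "${pkg}::${meth} -> $result\n";
    } else {
        print "${pkg}::${meth} refused: $@";
    }
}
```

The check sits in the dispatcher rather than in an opcode mask, so refusing `_lookup` as a remote entry point does not affect `get_price` calling it internally.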