Re: Re: "safe" perl cron environment?

have to say that there is a delicious sense of irony in your comment
Yes... Sorry about that, but it makes sense in the end... The scripts implement a system which stands to make a ton of money for a non-profit.

I'm really not too concerned about rebooting in single-user mode. I'm more concerned about remote root vulnerabilities.

Ultimately there is NO way in perl (that I am aware of) that will keep your code truely secret. It will always be possible for someone with sufficient privs to access the code.
If this is really true then that is the answer to my question.

John

Comment on Re: Re: "safe" perl cron environment?

Replies are listed 'Best First'.
Re: Re: Re: "safe" perl cron environment? by demerphq (Chancellor) on Dec 02, 2002 at 19:03 UTC
Yes... Sorry about that, but it makes sense in the end... Heh. No apology needed. Even if it was for a for-profit. :-) Ya gotta do whatchya gotta do! If this is really true then that is the answer to my question. (Un)fortunately I believe it is. Although i think it would take a skillful person to do it. But then that holds true of decompiling an executable too. BING! Heres a _really_ nasty way to do something like what you want: write a C wrapper that embedds perl inside of it. Then put your perl script within the C wrapper (perhaps encrypted using some reliable C library) and then have the wrapper pass the code to the embedded perl instance to be executed. At least that way it becomes nearly impossible for some kind of man in the middle attack, or the other easily implemnted routes from the command line. Dunno, could be a pipe dream, but i think it would have to be an especially talented and motivitated individual that figured that one out. --- demerphq my friends call me, usually because I'm late....	[reply]

Replies are listed 'Best First'.

Re: Re: Re: "safe" perl cron environment?
by demerphq (Chancellor) on Dec 02, 2002 at 19:03 UTC

Yes... Sorry about that, but it makes sense in the end...

Heh. No apology needed. Even if it was for a for-profit. :-) Ya gotta do whatchya gotta do!

If this is really true then that is the answer to my question.

(Un)fortunately I believe it is. Although i think it would take a skillful person to do it. But then that holds true of decompiling an executable too.

BING! Heres a _really_ nasty way to do something like what you want: write a C wrapper that embedds perl inside of it. Then put your perl script within the C wrapper (perhaps encrypted using some reliable C library) and then have the wrapper pass the code to the embedded perl instance to be executed. At least that way it becomes nearly impossible for some kind of man in the middle attack, or the other easily implemnted routes from the command line.

Dunno, could be a pipe dream, but i think it would have to be an especially talented and motivitated individual that figured that one out.

--- demerphq
my friends call me, usually because I'm late....

[reply]