I have been thinking about this issue for a very very long time.

What I need is some kind of perl sandbox. I have an irc bot (ta NET::IRC) that I run in a channel with friends. Certain commands that fetch data over the internet or let me view information from my server can only be executed by me. Which is fine, but a while ago I implemented an eval command. Which allows for a *lot* of fun from an irc terminal.

Basically eval $eval = "blah"; Will have the bot send back "blah". Now this command is fine, as-long-as I'm the only one who can execute it. There is certainly more than one way to do bad stuff to a system :)

eval {redo}
eval use LWP::Simple; get "http://some/really/big/file"
eval $eval = `cat /etc/passwd`
eval `rm *`;
[download]

So there is no problem if I prevent everyone else from using this command, which is simple. But given that most of my friends are now interested in learning perl, and would just love to try out their own one-liners while on irc, I would really like a safe way to allow its use.

The conclusions I have reached:

taint checking wont work here, the idea is to be able to execute user given code

I need to prevent access to anything that can access system commands, open files, read memory, or transfer data over intra/internetworks, and cascade these into any modules that might be loaded

implement some kind of thread threshhold, so if the process runs for too long or uses too much cpu it dies

so at minimum I want to be able to manipulate text, and perform mathmatical operations - through allowing the full perl syntax

Given that only perl can parse perl

Do I have any options here?

Is there some kind of sandbox already out there?

I'm truly dreaming aren't I?

---

In reply to A perl sandbox? by nashdj

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":

---

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

• How do I compose an effective node title?
• How do I post a question effectively?
• Markup in the Monastery

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		&
	<		&lt;
	>		&gt;
	[		&#91;
	]		&#93;

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.