comment on

Yes..But

$ perl /tmp/foo
[download]

would still work. (And many hacks actually execute like that).

I agree that trying to stop every scenario is hard, but replacing perl will only foil an automated attack, not the manual hacker.. Which may be a good start, but there ARE manual hackers out there :)

Autoloading would be way easier to make secure. The only way to circumvent it, would be to upload your own perl. And even then, which wouldnt work as easy, since no-exec is set on /tmp, so you'd have to find a 777 directory somewhere to dump your binary.

PHP for example, can be told to load .so "extension", which are initialized before the actual PHP code.. It seems strange that perl doesnt have something like it (though PHP is, of course, not the best example of anything ;) )

In reply to Re^4: perl pre-execution hook by logix
in thread perl pre-execution hook by logix

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.