- File permissions
- ulimit
- taint mode
- monitoring (process monitoring, sar, etc.)
Apply liberally. All these are contributing factors to a manageable server. =) I expect that the other monks will provide more detailed, thought-out responses, since I don't have the time for that.
mhoward - at - hattmoward.org
Do you have Perl for System Admin by O'Reilly? Good stuff in there for you -- at least that is where I started a while back with the same type of question. Have not had much trouble since. Start with hattmoward's suggestions, then go get your read on.
CSUhockey3
Secure the server, not Perl. There are numerous hardening kits available for different flavors of Unix. For example, if you are using Solaris, you can use JAZZ and Titan.
There is a myth that Perl has sandboxing issues. In fact, this is one of the reasons given for Yahoo's switch from Perl to PHP in the delivery phase of its pages. This is bull.

In short, perl can do anything you could do from the shell, so lock down the user account.
If you are talking about a publicly accessible web server, you should consider running the web server (e.g. Apache) in a chroot environment. The use of systrace is recommended too (it filters the syscall use).
-DBC