in reply to mocking or trapping system calls

Overloading backticks and system might not be enough. What is to stop people writing a script (in Perl, ksh, or anything else) which does the nasty things, and calling that?

How are the commands getting into the Perl script? If they are coming in as strings from the user then it is not really necessary to overload back-ticks or system(), just test the string before you execute it - probably something you should do anyway.

If the user writes her own scripts then I can't see how you can prevent them calling anything they want - unless you trap them in a restricted environment. That is then more of an administrator problem than a Perl one.

Replies are listed 'Best First'.
Re^2: mocking or trapping system calls
by Anonymous Monk on May 10, 2008 at 19:25 UTC

    open() also needs to be checked. Running into open PIPE,"| /bin/rm -rf / > /dev/null 2>&1" as root would be rather unpleasant.

    Alexander

      Indeed that's true, and ideally this would be trapped/mocked also, but in this case I don't need to.
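An added example, not code from any poster in this thread, of the "test the string before you execute it" advice together with the open() caveat raised in the reply: vet the command against an allowlist, run it without a shell, and open files with an explicit mode. The allowlist contents, the function names and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical allowlist: command name => absolute path (adjust per site).
my %ALLOWED = (
    ls   => '/bin/ls',
    date => '/bin/date',
);

# Vet a user-supplied command string; returns (path, args...) or dies.
sub vet_command {
    my ($line) = @_;
    # Refuse anything a shell would interpret: pipes, redirects,
    # substitution, quoting, globbing, separators, newlines.
    die "shell metacharacter in command\n"
        if $line =~ /[|&;<>`\$(){}\[\]*?!~'"\\\n]/;
    my ($name, @args) = split ' ', $line;
    die "empty command\n" unless defined $name;
    # Only allowlisted names pass, so a user-written script
    # (perl, ksh, ...) cannot be used as a wrapper.
    my $path = $ALLOWED{$name}
        or die "command '$name' is not on the allowlist\n";
    return ($path, @args);
}

# The indirect-object form of system() execs $path directly,
# so no shell ever sees the string, even with zero arguments.
sub run_vetted {
    my ($path, @args) = vet_command(shift);
    return system { $path } $path, @args;
}

# Three-argument open with an explicit mode: a name such as "| cmd"
# is treated as a literal file name, never as a pipe to a command.
sub open_for_read {
    my ($file) = @_;
    open(my $fh, '<', $file) or die "cannot open '$file': $!\n";
    return $fh;
}

# Constructed sample inputs.
for my $cmd ('ls -l /tmp', 'date; id', 'perl evil.pl') {
    my $rc = eval { run_vetted($cmd) };
    print defined $rc ? "ran '$cmd' (status $rc)\n" : "rejected '$cmd': $@";
}
my $fh  = eval { open_for_read('| echo not-a-pipe') };
my $msg = $fh ? "opened as an ordinary file\n" : "open refused: $@";
print $msg;
```

The vetting covers only the command name and shell syntax; arguments to an allowlisted command (options, paths) still need their own checks, and none of this constrains a user who can run scripts outside this wrapper.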