in reply to Re^3: perl pre-execution hook
in thread perl pre-execution hook

Yes..But 
$ perl /tmp/foo

[download]
would still work. (And many hacks actually execute like that).

I agree that trying to stop every scenario is hard, but replacing perl will only foil an automated attack, not the manual hacker.. Which may be a good start, but there ARE manual hackers out there :)

Autoloading would be way easier to make secure. The only way to circumvent it, would be to upload your own perl. And even then, which wouldnt work as easy, since no-exec is set on /tmp, so you'd have to find a 777 directory somewhere to dump your binary.

PHP for example, can be told to load .so "extension", which are initialized before the actual PHP code.. It seems strange that perl doesnt have something like it (though PHP is, of course, not the best example of anything ;) )

Replies are listed 'Best First'.
Re^5: perl pre-execution hook
by ikegami (Patriarch) on Jan 04, 2011 at 21:39 UTC

    It seems strange that perl doesnt have something like it

    Not at all. Noone spent the time, possibly because it's much easier writing the following wrapper: 

    #!/bin/sh
/usr/bin/perl.shadow -MFoo "$@"

    [download]
[reply]
[d/l]

In Section Seekers of Perl Wisdom