>>>>> "Richard" == Richard L Goerwitz <[EMAIL PROTECTED]> writes:

Richard> That's a neat idea.

Richard> The only quibble I can think of is that this doesn't go far enough.
Richard> This lower level of privilege we're talking about is one in which -

Richard>   1) Only specific Perl modules are available (or ones in specific
Richard>      paths; no literal 'sub { ... }' handlers)
Richard>   2) PerlSetEnv (and PerlPassEnv?) aren't usable
Richard>   3) PERL5LIB isn't changeable
Richard>   4) <Perl> sections are unavailable

I think y'all are missing it.  As soon as I have any Perl code access
via Apache::Registry or anything like that, I can do this:

        *Apache::Registry::handler = \&my_trojan_horse;

Unless you use "Safe", any access to any Perl invocation means you are
insecure.

So mod_perl is inherently unsafe.  Either you have access to Perl, or
you don't.  And when you don't, you might as well invent a meta-API,
like the one I suggested with Template Toolkit.  You can't use the
generic tools... they're too powerful.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<[EMAIL PROTECTED]> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
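
Added example, not part of the original message: a stand-alone Perl script contrasting the glob assignment shown above when it runs through a plain `eval` in a shared interpreter versus inside a `Safe` compartment, with a code-reference comparison to detect a swapped handler. `My::Registry` is a hypothetical stand-in for a shared handler package and the untrusted snippet is a constructed sample.

```perl
#!/usr/bin/perl
# Added illustration, not code from the thread.
# My::Registry is a hypothetical stand-in for a shared handler package.
use strict;
use warnings;
use Safe;
use Scalar::Util qw(refaddr);

package My::Registry;
sub handler { return "original handler" }

package main;

# Constructed sample of code supplied by a less-trusted user of the server.
my $untrusted = q{
    *My::Registry::handler = sub { return "replacement handler" };
    1;
};

# Remember which code the handler name points at, so a swap can be detected.
my $baseline = refaddr(\&My::Registry::handler);

sub report {
    my ($label) = @_;
    my $same = refaddr(\&My::Registry::handler) == $baseline
        ? "unchanged" : "CHANGED";
    printf "%-18s handler is %s, returns '%s'\n",
        $label, $same, My::Registry::handler();
}

report("at startup:");

# Case 1: Safe compartment. Package names inside reval resolve under the
# compartment's own root namespace, so the assignment lands on a private
# glob and the real My::Registry::handler is not touched.
my $cpt = Safe->new;
defined $cpt->reval($untrusted) or die "compartment error: $@";
report("after Safe reval:");

# Case 2: ordinary eval in the shared interpreter. The same assignment now
# replaces the handler for every later caller in this process.
{
    no warnings 'redefine';
    eval $untrusted or die "eval error: $@";
}
report("after plain eval:");
```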
