On Wed, Jan 4, 2012 at 5:55 PM, Puneet Kishor <[email protected]> wrote:
> > On Jan 4, 2012, at 5:39 PM, David Mertens wrote: > > > On Wed, Jan 4, 2012 at 2:32 PM, Puneet Kishor <[email protected]> > wrote: > > > >> > >> On Dec 30, 2011, at 12:08 AM, Joel Berger wrote: > >> > >>> Although you would probably need to do some sandboxing or else > >>> somereworking, you might check out > >>> showmetheshell,https://github.com/vti/showmetheshell > >>> Its a lightweight, perl-driven, browser based terminal! > >>> > >>> If you change the line > >>> > >>> PocketIO->new(instance => Handler->new(cmd => '/bin/bash')); > >>> > >>> to > >>> > >>> PocketIO->new(instance => Handler->new(cmd => 'pdl')); > >>> > >>> The browser terminal starts up with a new pdl prompt and everything. > >>> One really just needs to look into the sandboxing at that point. > >> > >> > >> > >> Wow, this is a whole bucket of fun. > >> > >> I really want to make this available to the inquiring, inquisitive > >> potential PDLer, but am not sure what to do to sandbox it. I poked > around > >> the docs but didn't see anything mentioned. Any suggestions? I would be > >> happy to host this on my machine, at least until things get out of hand. > >> > > > > I haven't looked at showmetheshell, but I expect that Joel meant Safe.pm: > > http://perldoc.perl.org/Safe.html > > > > If you wrap the interpreter in Safe.pm, you could prevent users from > > trashing the Perl interpreter that's running the shell. (Again, that may > > not even be a problem. I'm not sure. Any comments, Joel?) > > > I will take a look at Safe.pm, but I am concerned about shit like so > > pdl> $str = "rm /*.*" > pdl> system($str) > > > > > > > David > > > > -- > > Sent via my carrier pigeon. > > You might be able to protect yourself from this by running the server under a process that can't actually delete any files. It'll be a mild headache setting up the permissions for it, but it could be done. But Safe.pm should work for this, too. David -- Sent via my carrier pigeon.
_______________________________________________ Perldl mailing list [email protected] http://mailman.jach.hawaii.edu/mailman/listinfo/perldl
