I was more worried about things like Puneet mentioned. Yeah, permissions would help. I know nothing about Safe.pm and really nothing about sandboxing, I just knew that I wouldn't want a random person to be able to open a terminal on my box, root or not.
On Wed, Jan 4, 2012 at 6:22 PM, David Mertens <[email protected]> wrote:
> On Wed, Jan 4, 2012 at 5:55 PM, Puneet Kishor <[email protected]> wrote:
>>
>>
>> On Jan 4, 2012, at 5:39 PM, David Mertens wrote:
>>
>> > On Wed, Jan 4, 2012 at 2:32 PM, Puneet Kishor <[email protected]>
>> > wrote:
>> >
>> >>
>> >> On Dec 30, 2011, at 12:08 AM, Joel Berger wrote:
>> >>
>> >>> Although you would probably need to do some sandboxing or else
>> >>> some reworking, you might check out
>> >>> showmetheshell, https://github.com/vti/showmetheshell
>> >>> It's a lightweight, perl-driven, browser based terminal!
>> >>>
>> >>> If you change the line
>> >>>
>> >>> PocketIO->new(instance => Handler->new(cmd => '/bin/bash'));
>> >>>
>> >>> to
>> >>>
>> >>> PocketIO->new(instance => Handler->new(cmd => 'pdl'));
>> >>>
>> >>> The browser terminal starts up with a new pdl prompt and everything.
>> >>> One really just needs to look into the sandboxing at that point.
>> >>
>> >>
>> >>
>> >> Wow, this is a whole bucket of fun.
>> >>
>> >> I really want to make this available to the inquiring, inquisitive
>> >> potential PDLer, but am not sure what to do to sandbox it. I poked
>> >> around the docs but didn't see anything mentioned. Any suggestions?
>> >> I would be happy to host this on my machine, at least until things
>> >> get out of hand.
>> >>
>> >
>> > I haven't looked at showmetheshell, but I expect that Joel meant
>> > Safe.pm:
>> > http://perldoc.perl.org/Safe.html
>> >
>> > If you wrap the interpreter in Safe.pm, you could prevent users from
>> > trashing the Perl interpreter that's running the shell. (Again, that may
>> > not even be a problem. I'm not sure. Any comments, Joel?)
>>
>>
>> I will take a look at Safe.pm, but I am concerned about shit like so
>>
>> pdl> $str = "rm /*.*"
>> pdl> system($str)
>>
>>
>>
>> >
>> > David
>> >
>> > --
>> > Sent via my carrier pigeon.
>> >
> You might be able to protect yourself from this by running the server under
> a process that can't actually delete any files. It'll be a mild headache
> setting up the permissions for it, but it could be done. But Safe.pm should
> work for this, too.
>
>
> David
>
> --
> Sent via my carrier pigeon.
_______________________________________________
Perldl mailing list
[email protected]
http://mailman.jach.hawaii.edu/mailman/listinfo/perldl
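
Added example, not part of the original thread or of showmetheshell: the Safe.pm idea discussed above, with a default compartment refusing system(), backticks and unlink at compile time while ordinary expressions still evaluate. The eval_untrusted helper, the input lines and the placeholder path are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: evaluate REPL-style input inside a Safe compartment.
use strict;
use warnings;
use Safe;

# Safe->new starts from the ":default" opcode set, which does not
# permit system, exec, fork, backticks, open or unlink.
my $cpt = Safe->new;

# Evaluate one line of untrusted input in the compartment.
# Returns (1, $value) on success or (0, $error) if it was refused or died.
sub eval_untrusted {
    my ($code) = @_;
    my $value = $cpt->reval($code);
    if ($@) {
        my $err = $@;
        chomp $err;
        return (0, $err);
    }
    return (1, $value);
}

# Constructed input lines. The refused ones are rejected when the
# compartment compiles them, so none of the commands is ever run.
my @lines = (
    '2 + 3 * 4',
    'my $str = "echo hello"; system($str)',
    'my $out = `echo hello`',
    'unlink "/tmp/placeholder-file"',
);

for my $line (@lines) {
    my ($ok, $detail) = eval_untrusted($line);
    printf "%-40s %s: %s\n", $line, ($ok ? 'ok' : 'refused'), $detail;
}
```

Safe only masks opcodes in code compiled inside the compartment, so it works alongside, not instead of, running the server under an account whose file permissions prevent it from deleting anything, as suggested in the thread.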
