Net::POP3 SSL?

2005-04-06 Thread David Garamond
How do I use Net::POP3 (or is there an alternative to Net::POP3) to talk 
to an SSL POP3 server (like gmail's)?

Regards,
dave
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
http://learn.perl.org/ http://learn.perl.org/first-response



CGI::Session file permission?

2005-03-28 Thread David Garamond
Am I right to think that CGI::Session::File driver is insecure? It 
creates the session files with a hardcoded 0644 permission, while the 
synopsis/examples tell us to store the files in /tmp.

Regards,
dave
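
Added example (not part of the original post, and not CGI::Session's own code): one way to create a session file in a shared directory with owner-only permissions, next to a file left at 0644 as the post describes, plus an audit helper that lists files group or other can access. The `cgisess_` file prefix, the helper names and the sample session ids are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl;                          # exports O_WRONLY, O_CREAT, O_EXCL
use File::Temp qw(tempdir);

# Create a session file only its owner can read. O_EXCL makes the call fail
# if the name already exists, including as a symlink planted by another user.
sub create_session_file {
    my ($dir, $sid, $data) = @_;
    die "bad session id\n" unless $sid =~ /\A[0-9a-f]{32}\z/;
    my $path = "$dir/cgisess_$sid";          # file prefix is an assumption
    my $old_umask = umask(0077);
    my $ok  = sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    my $err = $!;
    umask($old_umask);
    die "cannot create $path: $err\n" unless $ok;
    print {$fh} $data;
    close($fh) or die "close $path: $!\n";
    return $path;
}

# Audit helper: session files that group or other can read, write or execute.
sub loose_session_files {
    my ($dir) = @_;
    opendir(my $dh, $dir) or die "opendir $dir: $!\n";
    my @loose;
    for my $name (sort grep { /\Acgisess_/ } readdir $dh) {
        my @st = lstat("$dir/$name") or next;
        my $mode = $st[2] & 07777;           # permission bits only
        push @loose, sprintf("%s mode %04o", $name, $mode) if $mode & 0077;
    }
    closedir $dh;
    return @loose;
}

# Demo in a private scratch directory (constructed data, not real sessions).
my $dir = tempdir(CLEANUP => 1);

# The behaviour described in the post: a file left at 0644.
my $weak = "$dir/cgisess_" . ('a' x 32);
open(my $fh, '>', $weak) or die "open $weak: $!\n";
print {$fh} "user=alice\n";
close $fh;
chmod 0644, $weak or die "chmod $weak: $!\n";

# The hardened form.
create_session_file($dir, 'b' x 32, "user=bob\n");

print "$_\n" for loose_session_files($dir);
```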



Re: LWP: Accessing https URL from http proxy unimplemented?

2005-01-31 Thread David Garamond
Ing. Branislav Gerzo wrote:
> DG> I do have all three modules (Crypt::SSLeay, Net::SSLeay,
> DG> IO::Socket::Perl) installed, but still can't get https:// through an
> DG> http proxy. LWP::UserAgent would immediately return a response object
> DG> with code 501. I can access https:// URLs directly (without a proxy) and
> DG> get http:// URLs using proxy though.
>
> your proxy has to support SSL, so try to do that with:
> 213.46.246.134
> 155.229.204.25
> 66.255.117.66
> all on port 80. Also, you have to properly set up proxy to UserAgent,
> for example:
> $ua->proxy(['http', 'https'] => 'http://213.46.246.134:80');

I have done the above and the proxy (squid) does support SSL (using
CONNECT method), I use it everyday. LWP returns 501 without hitting the
proxy though, so can I confirm here that LWP doesn't support https
request over http proxy?

--
dave



LWP: Accessing https URL from http proxy unimplemented?

2005-01-30 Thread David Garamond
Is there an alternative to do this in Perl (without resorting to system 
wget ... or system curl ...)?

--
sh



Re: LWP: Accessing https URL from http proxy unimplemented?

2005-01-30 Thread David Garamond
Peter Scott wrote:
> In article [EMAIL PROTECTED],
>  [EMAIL PROTECTED] (David Garamond) writes:
>> Is there an alternative to do this in Perl (without resorting to system
>> wget ... or system curl ...)?
>
> See http://search.cpan.org/src/GAAS/libwww-perl-5.803/README.SSL

I do have all three modules (Crypt::SSLeay, Net::SSLeay,
IO::Socket::Perl) installed, but still can't get https:// through an
http proxy. LWP::UserAgent would immediately return a response object
with code 501. I can access https:// URLs directly (without a proxy) and
get http:// URLs using proxy though.

--
dave



Re: LWP: Accessing https URL from http proxy unimplemented?

2005-01-30 Thread David Garamond
David Garamond wrote:
> Peter Scott wrote:
>> In article [EMAIL PROTECTED],
>>  [EMAIL PROTECTED] (David Garamond) writes:
>>> Is there an alternative to do this in Perl (without resorting to
>>> system wget ... or system curl ...)?
>>
>> See http://search.cpan.org/src/GAAS/libwww-perl-5.803/README.SSL
>
> I do have all three modules (Crypt::SSLeay, Net::SSLeay,
> IO::Socket::Perl) installed, but still can't get https:// through an
> http proxy. LWP::UserAgent would immediately return a response object
> with code 501. I can access https:// URLs directly (without a proxy) and
> get http:// URLs using proxy though.

Oh, I get what you're suggesting now. I should use Net::SSLeay directly
instead of LWP.

Thanks.
--
dave



Re: Becoming Disenheartened - Everyone talks about Python and says Perl is old news.

2004-09-28 Thread David Garamond
Gavin Henry wrote:
> I really like Perl, but lately everywhere I seem to go and talk to say I
> shouldn't be learning Perl as it's old and Python is better.

My Good Lord, where have you been? Python is _already_ old news. Ruby,
baby! :-)

> I am on the right path?

The right path is probably to learn them all, and pick whichever
satisfies you the most. Or use the right tool for the right job.

I know not everybody has the time to learn new programming languages
every few months. But frankly I think that's the best advice I can give
you. Learning new programming languages will make you a better
programmer, and it will answer your own question on whether you should
continue using language X, use both X and Y, or move on to Y completely.

Here's my own experience, hopefully it can help you. I know Perl since 
1997. It has taught me _a lot_ (about programming, about the hacking 
culture, about other languages). Then I started to be interested in 
Python around 2000. Despite 1-2 years trying to familiarize and use 
Python, it never really got to me. I guess I never enjoy programming in 
that language. Nowadays I very rarely use Python at all. I install 
Python mostly just to run BitTorrent.

Then I started to be interested in Ruby in 2001. This I like. But 
despite promising myself to replace Perl with Ruby, today I still 
program like 50% : 50% in Ruby : Perl. There are just some things that I 
can write much faster and more convenient using Perl. Especially when 
writing one liners or when I can just use one or two CPAN modules and 
get the job done.

And then there's PHP. I use (or have to use it) since 1999. Despite 
swearing several times never to use PHP again, and cursing every time I 
have to code many lines in it, today I am still stuck with PHP at times.

I found that, once you learn enough Perl, you just can't let it go 
completely. Perl and CPAN are too damn useful :-)

--
dave



Weird SMTP filtering/blocking problem

2004-05-12 Thread David Garamond
I run a homegrown SMTP daemon written in Perl, on Redhat 7.3.

Lately, emails sent from some clients are received in duplicates. The
clients either run Communigate Pro, or IPlanet, MDaemon, all running
some versions of Windows.
The emails duplicate because the client sends it multiple times. The
cause is when it finishes sending DATA (with .), my program replies
with the 250 response but the client didn't receive it. After long
waiting, it would disconnect and later try sending again, several
times.
Emails from other senders, like yahoogroups, hotmail, etc. do not
experience this problem.
After some more testing, a filtering seems to be the cause of the
problem.
If I print

 250 QUEUED - 123

or (somewhat mimicking qmail)

 250 QUEUED(250) - 1084263071 qp 4221

then everything works, but if I send:

 250 QUEUED(250) - 8c3d931926ca4e8a9dfea84f06dbdc1a

then the client won't receive the above 250 response line. The 32
hexacharacter part is a GUID which I produce randomly using 16 bytes
retrieved every time from /dev/urandom. Now why would a proxy or a
firewall regard a random 32 hexadecimal character as suspicious and
block/filter it? Is this a known problem?
I couldn't find any other cause (like line-ending differences,
buffering issues) aside from this particular thing that seems to cause
the problem.
Any insight would be appreciated.

--
dave



forcing stack backtrace in the case of unhandled exception/Perl error

2004-04-26 Thread David Garamond
I've [re]discovered the wonderful world of Carp. I've now peppered most 
of my scripts with 'use Carp qw(verbose);'.

However, whenever things go wrong (like my program calls an undefined 
subroutine, or I tried to modify a constant), my program dies without 
the stack backtrace. Any idea how I can get a backtrace?

--
dave



Re: forcing stack backtrace in the case of unhandled exception/Perl error

2004-04-26 Thread David Garamond
Randy W. Sims wrote:
> On 4/26/2004 1:02 PM, David Garamond wrote:
>
>> I've [re]discovered the wonderful world of Carp. I've now peppered
>> most of my scripts with 'use Carp qw(verbose);'.
>>
>> However, whenever things go wrong (like my program calls an undefined
>> subroutine, or I tried to modify a constant), my program dies without
>> the stack backtrace. Any idea how I can get a backtrace?
>
> $SIG{__WARN__} = sub {
>   # verbose output
> };
> $SIG{__DIE__} = sub {
>   # verbose output
> };
>
> perldoc perlvar

Thanks! I've forgotten all about warn and die handlers.

--
dave



Re: exit perl script and cd in bash?

2004-01-20 Thread David Garamond
John W. Krahn wrote:
> It is very easy to change the directory from inside a Perl program
> however as soon as the program exits the changes will be lost.  This is
> true of Perl or C or Bash or anything that runs as a child of the
> shell.  A child process cannot change its parent's environment.

This would not solve the OP's problem of course, but I'd like to point
out that when one wants a process to set the parent's environment, and
the parent is a shell, one usually does this:

 $ eval `COMMAND`

An example of COMMAND would be ssh-agent, which outputs:

 SSH_AUTH_SOCK=/tmp/...
 SSH_AGENT_PID=...

The output then gets eval-ed by the shell and becomes part of the
shell's environment.

--
dave



Re: Perl equivalent of Ruby/DL?

2004-01-07 Thread David Garamond
Rob Dixon wrote:
>> Ruby/DL is a Ruby module that enables one to load a .DLL/.so and start
>> using exported functions available in the DLL. It's a nice alternative
>> of using an external library without messing with XS or writing real C
>> files. Ruby/DL has been included in the standard Ruby distribution since
>> 1.8.
>>
>>  http://ttsky.net/ruby/ruby-dl.html
>>
>> I wonder if CPAN has something similar to this.
>
> Hi Dave.
>
> You could take a look at Win32::API.

I've found the module, it's called C::DynaLink by John Tobey. Nifty! I'm
gonna give it a try.

Thanks,
--
dave



Perl equivalent of Ruby/DL?

2004-01-06 Thread David Garamond
Ruby/DL is a Ruby module that enables one to load a .DLL/.so and start 
using exported functions available in the DLL. It's a nice alternative 
of using an external library without messing with XS or writing real C 
files. Ruby/DL has been included in the standard Ruby distribution since 
1.8.

 http://ttsky.net/ruby/ruby-dl.html

I wonder if CPAN has something similar to this.

--
dave





pick N random lines from a file

2003-12-10 Thread David Garamond
I'm trying to extend the Perl cookbook recipe on how to pick a random 
line from a file:

 #!/usr/bin/perl
 rand($.) < 1 && ($line = $_) while <>;
 print $line;

for picking up to N random lines from a file:

start code--
#!/usr/bin/perl
die "Usage: $0 N, where N is the number of lines to pick\n"
  if @ARGV < 1;
$N = shift @ARGV;
@pick = ();
while (<>) {
  if (@pick < $N) {
    # still filling: append, then swap two random slots
    push @pick, $_;
    ($r1, $r2) = (rand(@pick), rand(@pick));
    ($pick[$r1], $pick[$r2]) = ($pick[$r2], $pick[$r1]);
  } else {
    # full: replace a random slot with probability N / (lines read so far)
    rand($.) <= $N and $pick[rand(@pick)] = $_;
  }
}
print @pick;
-end code---
Could anyone verify if the algorithm is correct?

Thanks in advance,
--
dave





Something like PHP's PEAR::DB_NestedSet?

2003-12-03 Thread David Garamond
This PHP module looks cool:

 http://pear.php.net/package/DB_NestedSet

is there something like it in CPAN?

--
dave




comparison between two regexes?

2003-10-24 Thread David Garamond
Given two regex patterns R1 and R2, is it possible at all to 
determine/calculate:

- whether R1 is a subset of R2, i.e. all strings that match R1 will 
also always match R2, but not necessarily the other way around;

- whether R1 is equivalent or equal to R2, i.e. all strings that 
match R1 will also always match R2, and all strings that match R2 will 
also always match R1.

- whether R1 does not intersect R2, i.e. no string can match both R1 
and R2 at the same time, a string can match either R1 or R2 but never both.

--
dave




Re: comparison between two regexes?

2003-10-24 Thread David Garamond
I wrote:
> Given two regex patterns R1 and R2, is it possible at all to
> determine/calculate:
>
> - whether R1 is a subset of R2, i.e. all strings that match R1 will
> also always match R2, but not necessarily the other way around;
>
> - whether R1 is equivalent or equal to R2, i.e. all strings that
> match R1 will also always match R2, and all strings that match R2 will
> also always match R1.
>
> - whether R1 does not intersect R2, i.e. no string can match both R1
> and R2 at the same time, a string can match either R1 or R2 but never both.

Hm, after browsing a bit, I found this:

 http://www.mail-archive.com/[EMAIL PROTECTED]/msg00233.html

Come to think of it, the difficulty of the problem is comparable to 
determining whether two computer programs are equivalent to each other 
(i.e. given the same input, it will always generate the same output).

Oh well...

--
dave




Re: limiting resource in regex matching

2002-11-30 Thread David Garamond
david wrote:

> The Perl book (I think it's the Programming Perl) has an example where a
> certain reg. exp and string combination can make Perl's reg. engine run
> forever (in terms of years!) because of backtracking. The solution the book
> generally recommend is to use one of the newer reg. exp extension with
> positive, negative look ahead, etc. You might want to check it out. Since
> you are letting user directly entering their reg. exp., the above probably
> won't work. Why not just time out the reg. exp if it's taking longer than
> you allow? For example, you can time out the match if it's taking longer
> than 3 seconds? This method is used quite extensively when people want to
> time out slow system calls.

thanks david.

yeah, i think i'll use the OS facilities for this. i was initially 
hoping for a predictive/preventive solution (like a regexp analyzer or 
Safe.pm-for-regex-language or something). but OS-based solution is also 
fine with me.

--
dave





limiting resource in regex matching

2002-11-28 Thread David Garamond
i'm creating a web interface for users to add their own mail filtering 
rules. the rules allow them to specify regexes to match headers and mail 
body. however, i'm a little concerned with how users can accidentally/ 
intentionally use too complex regexes like this (a+.*(b+.+(c*.+)*.*))* 
and the machine will just crawl when doing matching.

is there some way i can limit the amount of cpu time/amount of 
backtracking/etc when doing regex matching? or do i have to resort to 
os-based resource limiting?

--
dave
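
Added example (not part of the original thread): one way to apply the OS-based limit discussed here, by running each user-supplied rule in a forked child that the kernel terminates when its alarm fires. The function name `bounded_match`, the 3-second limit and the sample rules and text are constructed for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX ();

# Returns 'match', 'nomatch', 'invalid' (pattern does not compile) or
# 'timeout' (the child was killed before the match finished).
sub bounded_match {
    my ($pattern, $text, $seconds) = @_;

    # Compile in the parent so a syntax error never costs a fork. Because the
    # pattern is interpolated and "use re 'eval'" is not in effect, embedded
    # code blocks such as (?{ ... }) are refused at this point as well.
    my $re = eval { qr/$pattern/ };
    return 'invalid' unless defined $re;

    my $pid = fork();
    die "fork failed: $!\n" unless defined $pid;

    if ($pid == 0) {
        # Child. With Perl's deferred ("safe") signals (5.8 and later) a
        # Perl-level ALRM handler only runs between opcodes, not inside a
        # long regex match, so leave the signal at its default action and
        # let the kernel terminate the process.
        $SIG{ALRM} = 'DEFAULT';
        alarm($seconds);
        my $matched = $text =~ $re;
        POSIX::_exit($matched ? 0 : 1);      # exit status carries the result
    }

    waitpid($pid, 0);
    return 'timeout' if $? & 127;            # low 7 bits: terminating signal
    return ($? >> 8) == 0 ? 'match' : 'nomatch';
}

# Constructed rules and message text; the first rule is the pattern from the post.
my @rules = ('(a+.*(b+.+(c*.+)*.*))*', 'Subject:\s+urgent', '(unclosed');
my $text  = 'Subject: ' . ('ab' x 40) . ' urgent reply needed';
printf "%-26s %s\n", $_, bounded_match($_, $text, 3) for @rules;
```

A rule that comes back as 'timeout' or 'invalid' can be rejected when the user saves it, so it never reaches the mail-filtering path.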





replace strings and preserve case

2002-11-06 Thread David Garamond
is there a short recipe to do this in perl? i want to replace all "die"
with "paint" and preserve case (i.e. "Die" should be replaced by
"Paint", "DIE" by "PAINT", and so on). there's a smart snippet on TPJ to
do this:

 $string =~ s/($x)/"\L$y"^"\L$1"^$1/ie;

but it only works if the replacement string is of the same length.

--
dave





Re: detecting visually similar strings

2002-10-26 Thread David Garamond
hi perl,

Perl wrote:

For speed, I'd recommend caching a simplified 'eyedex' version of each
person's username, either as a new column in their main record, or in a
secondary list that is cross-indexed by the user_id.


thanks for the suggestion.

grouping visually similar characters (or chunks, more specifically,
because i also want to catch things like "m" and "nn") and then
replacing all occurrences of such chunks with one representation (e.g.:
all "1", "|", "!", and "l" into "1", or the eyedex version) is a pretty
straightforward approach i guess. i'll probably try to do an
implementation of it and see how well it does.

but after some more thinking yesterday, it occurred to me that this typo
attack problem is actually much more difficult. it has to deal with
different fonts and even glyphs/figures in general. for example, in some
fonts "W" is visually similar to "VV" (two Vs). "1" (the digit one) and
"l" (the lowercase L) in some fonts are pretty distinct, while in some
other fonts they might be virtually indistinguishable to the common
eyes. then there's the problem of different faces (italics, bold, etc),
text styles (strikethroughs, underlines/overlines), and different font
sizes that could complicate the matter even further.

--
dave
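
Added example (not part of the original thread): the chunk-replacement approach described above, used as a registration-time check against a cache keyed by the simplified name. The rule table covers only the confusions named in the post; the names `eyedex`, `register` and the sample usernames are constructed for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Ordered rewrite rules: multi-character chunks first, then single characters.
# Only the confusions named in the post are covered; the table is illustrative
# and, as the post notes, what looks alike depends on the font.
my @RULES = (
    [ qr/vv/     => 'w' ],   # "VV" vs "W" (after lowercasing)
    [ qr/nn/     => 'm' ],   # "nn" vs "m"
    [ qr/[1|!l]/ => '1' ],   # "1", "|", "!", "l"
);

# Reduce a username to its visually simplified key.
sub eyedex {
    my ($name) = @_;
    my $key = lc $name;
    for my $rule (@RULES) {
        my ($re, $to) = @$rule;
        $key =~ s/$re/$to/g;
    }
    return $key;
}

# Registration check against a cache keyed by eyedex, so a lookup is one
# hash access instead of a comparison against every existing username.
my %taken;   # eyedex key => first username registered with it

sub register {
    my ($name) = @_;
    my $key = eyedex($name);
    return "rejected: '$name' looks like existing '$taken{$key}'"
        if exists $taken{$key};
    $taken{$key} = $name;
    return "accepted: '$name' (eyedex '$key')";
}

# Constructed usernames.
print register($_), "\n" for qw(william vvilliam wi11iam danny damy dave);
```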





emacs perl mode

2002-10-12 Thread David Garamond

i've recently upgraded emacs from 20 to 21.2 and was delighted that the 
syntax coloring now works over telnet sessions. however, i've noticed 
that the perl mode which comes with the emacs distribution is not 
'smart' enough. mainly, it can't detect strings which are quoted by q() 
or qq() (unfortunately, i use it a lot!). is anybody aware of other perl 
modes out there which might be 'smarter'?

-- 
dave







Re: how to get the last line of a file

2002-10-11 Thread David Garamond

alex chen wrote:
 hi, all
 
 i want to know how to get the last line of
 a file. i know the func read has a parameter offset but i don't know how to
 use it. please help!!!

the easy way (but inefficient):

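  # read until the last line
  open F, "file.txt" or die $!;
  $last=$_ while <F>;

the more (though probably not the *most*) efficient way:

  # position pointer at the end of file, and then search for newlines
  open F, "file.txt" or die $!;
  seek F, 0, 2;
  $pos = tell F;
  $buf = '';
  while ($pos > 0) {
    $len = $pos > 1024 ? 1024 : $pos;
    $pos -= $len;
    seek F, $pos, 0 or die $!;         # absolute seek: read() moves the pointer forward
    read F, $block, $len;
    $buf = $block . $buf;              # prepend, since we walk backwards
    do {$last=$1; last} if $buf =~ /.*\n(.+)/s;
  }
  $last = $buf unless defined $last;   # the whole file is a single line
  print "Last line is: $last";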

hope it helps.

-- 
dave






overriding builtin functions for sandboxing (Re: Safe.pm examples?)

2002-10-10 Thread David Garamond

i've been playing with Safe.pm for the past two days, and it's really 
giving me headaches :-) i can't seem to do anything really useful with 
it. the namespace chroot-ing makes me unable to use pretty much every 
extension modules i want to use. dynamic loading also doesn't seem to 
work at all inside the safe compartment.

so i set back and rethink what actually i want to accomplish in the 
first place. that is: i want to prevent an untrusted and potentially 
dangerous perl code from doing these things:

- accessing certain part of filesystems;
- using sockets to communicate with the outside world;
- access databases;
- write or read shared memory;
- executing other programs;

in essence, i want to prevent the snippets of perl code that i will be 
receiving from the Net to store information persistently and/or send 
information outside (phoning home, etc). i'm not really concerned 
about resource limiting at the moment; i can always kill the naughty 
process or let my OS do that.

looking at the examples David and Steve Grazzini gave a couple of days 
ago, i thought that perhaps overriding builtin functions will 
sufficiently do that. that is, if i do this:

  #!/usr/bin/perl
  BEGIN {
    sub CORE::GLOBAL::system { die }
    sub CORE::GLOBAL::exec { die }
    sub CORE::GLOBAL::open { die }
    sub CORE::GLOBAL::sysopen { die }
    sub CORE::GLOBAL::socket { die }
    sub CORE::GLOBAL::require { ... }
    # ... and a bunch of other functions ...
  }

  eval { do "untrusted.pl"; };

will i be reasonably safe? i will be overriding 'require' so it only
allows an explicit set of modules that are considered safe. is there a
way for perl code later in the execution steps to somehow restore the
overridden builtins? (i certainly hope not :-)

-- 
dave






private object attributes

2002-10-10 Thread David Garamond

i've read the Object Oriented Perl book by Damian Conway, and in chapter
11 he explains about Tie::SecureHash that's supposed to provide 
capability to create private attributes.

however, since a package is never closed, and we cannot override the 
'package' op (via declaring sub CORE::GLOBAL::package {} for example), 
an untrusted client can just do this:

  package MyClass;
  sub get_priv_attr { my $self = shift; $self->priv_attr }

are there other ways to reasonably accomplish privateness?

-- 
dave







Re: private object attributes

2002-10-10 Thread David Garamond

Paul Johnson wrote:
 In general Perl treats this as a social rather than a programming problem.
  This tends to unnerve some people coming from BD (programming)
 backgrounds. 

yes, i know this; i have a background in python, and the private 
attribute thingy is also not available in the language (unless for 
attributes prefixed by __, for which there are some mangling done by the 
interpreter to hide them).

 But if that's what you want, blessing a closure is probably
 more secure than most other languages. Be aware though, that if someone
 starts wielding the B modules, you have no chance.

thanks for the tip. the reason i am looking for real private 
attributes in the first place because i need to give objects (which are 
usually blessed hashrefs) to untrusted code. i certainly do not wish the 
code messing with attribute values (and re-blessing them, but 'bless'
can be overridden, so i think this one's not a problem).

-- 
dave






Re: On script sandboxing

2002-10-10 Thread David Garamond

nkuipers wrote:
 Pardon my ignorance, but what's the deal?  Unless it comes authored, tested 
 and at least partially documented, like a CPAN module for example (other than 
 Safe.pm ;), why take the risk of exposing one's system to some script off the 
 Net?  Saves time?  Why reinvent the wheel?  How much time is spent ratifying 
 the script, or getting set up to do so?  Two days perhaps? ;)  Arguably, if 
 you can't accomplish a task by tailoring some combination of CPAN stuff to 
 your needs, it's time to roll your own solution.  It's just my two cents,
 unasked for, and probably laughable.  Oh well.

language-provided sandboxing is useful for several (if not many) things:

- applets;
- MUD stuffs (exchanging behaviour/code objects between users);
- OS-independent protection layer (there's no chroot in win32);
- fine-grained protection;
- sub-process (like per-thread or per-package, etc) protection (on the 
OS level, protection is process-wide);

basically, sandboxing is nice, because you can practice the Principle of 
Least Authority (which is a Good Thing). who knows what bugs a piece of 
code can contain, or what evil input data can an unsuspecting code 
receive? putting code in a flexible sandbox can minimize the potential 
damages.

however, as steve grazzini has graciously demonstrated to me, perl5 
cannot do effective sandboxing at all. not even with the latest version 
of Safe.pm. there's nothing that can prevent a piece of perl code from 
overwriting any file (as far as the OS permits, of course). so i might 
as well forget the whole idea of sandboxing perl scripts.

--
dave






Re: private object attributes

2002-10-10 Thread David Garamond

James Edward Gray II wrote:
  On Thursday, October 10, 2002, at 12:00  PM, David Garamond wrote:
 
  thanks for the tip. the reason i am looking for real private
  attributes in the first place because i need to give objects (which
  are usually blessed hashrefs) to untrusted code. i certainly do not
  wish the code messing with attribute values (and re-blessing them, but
  'bless' can be overridden, so i think this one's not a problem).
 
  The Perl take on something like this is that if they do re-bless or
  whatever, they've violated your supplied interface and the ensuing chaos
  is their mess to clean up.

well, according to the scenario, they're untrusted after all :-)

-- 
dave







Re: Problem with hashes

2002-10-10 Thread David Garamond

Nicole Seitz wrote:
 17   elsif ($line =~/^;([^\(]+)\s?[^\)]+\)\s?;(ZB-HP);Elsevier;/  ){
 18       #print "$1\t$2\n\n";
 19       $title = $1;
 20       $title =~ s/\s$//;
 21       $titles{$title}= $2;
 22   }
 23   }
 24   while ( ($key, $value) = each %titles) {
 25       print "$key = $value\n";
 26   }
snip
 Use of uninitialized value in concatenation (.) or string at test.pl line 25,
 <INPUT> line 4.
 
 Can someone tell me why? I can't see the problem.

you probably want to store $2 in a temporary variable first, say at line 
19 (don't forget to update line 21). the s/// operator resets the $1, 
$2, ... variables after a successful substitution.

-- 
dave







Re: Safe.pm examples?

2002-10-07 Thread David Garamond

david wrote:
 i won't say it's broken, it's just that the Safe.pm is not finalized yet and 
 thus will undergo(probably) major changes even in the interface level. 
 example:

thanks for providing the example, david. i've been reading the Safe.pm 
and the Opcode documentation, and i am seeing an issue here.

as i understand it, Safe.pm works by first setting up an opcode mask for 
compilation. this means that we can reject any mkdir or open or 
other potentially dangerous operations from getting compiled at all. 
after that, we can be pretty sure that the untrusted code that we are 
running will not contain any dangerous operation, unless of course we 
give it an object reference (=capability) from outside the compartment 
so the restricted code can call an outside method/sub to do unrestricted 
operations.

this is nice and all, but kind of restricted/non-transparent. suppose i 
want to allow an untrusted code access to a certain part of filesystem 
only (say, /home/david/sandbox). then i must disallow open and 
sysopen opcodes. but this restrict access to all files. to achieve 
what i want, i will have to modify the untrusted source code and change 
statements like:

  open F, $path;

to something like:

  $external_obj->open(\*F, $path);

where $external_obj is an object which we create and give to the 
restricted code to provide filtered access to dangerous operations.

this means we can't use an untrusted code right away. we have to modify 
its source code (into something unnatural).

is there a module or something that does that job for us transparently? i.e.,
in the compilation stage, instead of disallowing an opcode, the 
dangerous opcode instruction is changed to become a call to our provided 
sub instead. this means that if the restricted code contains 'open F, 
string', that instruction is changed to CALL filtered_open, F, string.

this means we don't have to modify the untrusted source code. we just 
provide a sub (filtered_open) and all the open operation will go through 
checking first.

-- 
dave
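
Added example (not part of the original thread, and not code from any of its participants): the mechanism described above, with the default opcode mask refusing `open` and `system` when the untrusted text is compiled, and one filtered sub shared into the compartment as the capability. The names `filtered_read` and `run_untrusted`, the scratch directory standing in for /home/david/sandbox and the snippets are constructed; the example shows the mechanism and makes no claim that the compartment is a complete sandbox.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Safe;
use File::Temp qw(tempdir);

# Scratch directory standing in for /home/david/sandbox from the post.
my $SANDBOX = tempdir(CLEANUP => 1);
open(my $out, '>', "$SANDBOX/notes.txt") or die "setup: $!\n";
print {$out} "hello from the sandbox\n";
close $out;

# Compiled outside the compartment, so its open() is not subject to the mask.
# This sub is the capability handed to the restricted code. The check is on
# the path string only; symlinks inside the directory are not resolved.
sub filtered_read {
    my ($path) = @_;
    die "access denied: $path\n"
        unless $path =~ m{\A\Q$SANDBOX\E/[A-Za-z0-9_.\-/]+\z}
           and $path !~ m{/\.\.(?:/|\z)};
    open(my $fh, '<', $path) or die "cannot open $path: $!\n";
    local $/;                        # slurp the whole file
    return scalar <$fh>;
}

my $cpt = Safe->new;                 # default mask excludes open, sysopen, system
$cpt->share('&filtered_read');       # make the capability visible inside

# Compile and run one snippet inside the compartment and report the outcome.
sub run_untrusted {
    my ($code) = @_;
    my $value = $cpt->reval($code);
    my $msg = $@ ? "refused: $@"
                 : "ok: " . (defined $value ? $value : 'undef');
    $msg =~ s/\s+\z//;
    return $msg;
}

# Constructed snippets standing in for untrusted.pl.
my @snippets = (
    'open(F, "/etc/hostname"); 1',                  # trapped by the mask
    'system("true"); 1',                            # trapped by the mask
    qq{filtered_read("$SANDBOX/notes.txt")},        # allowed by the filter
    qq{filtered_read("$SANDBOX/../outside.txt")},   # refused by the filter
    'filtered_read("/etc/hostname")',               # refused by the filter
);
print "$_\n  => ", run_untrusted($_), "\n" for @snippets;
```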






Re: Safe.pm examples?

2002-10-07 Thread David Garamond

david wrote:
 sub main::open{
     #-- testing purpose
     if($_[0] =~ m#^/#){
         die("Access under / not allowed\n");
     }else{
         open(FILE,$_[0]) || die $!;
         return FILE;
     }
 }
 
 my $fh = open('whatever');

oh, i didn't know you could do that :-) cool. that's what i'm looking for.

the point is, i have an unknown perl code, possibly dangerous, and i 
want to execute it in a controlled environment. i couldn't manually 
change the code, so creating a wrapper like the above is just what i 
need. thanks.

-- 
dave






Re: Safe.pm examples?

2002-10-07 Thread David Garamond

i wonder if there is a way we can do this wrapping with the 'require'
opcode too. i.e., i want to allow the 'require' opcode but trap every
'require' statements through my checking subroutine, which will only 
allow certain perl modules to be imported by the untrusted code.

--
dave

David Garamond wrote:
 david wrote:
 
 sub main::open{
     #-- testing purpose
     if($_[0] =~ m#^/#){
         die("Access under / not allowed\n");
     }else{
         open(FILE,$_[0]) || die $!;
         return FILE;
     }
 }
 
 my $fh = open('whatever');
 
 
 oh, i didn't know you could do that :-) cool. that's what i'm looking for.
 
 the point is, i have an unknown perl code, possibly dangerous, and i 
 want to execute it in a controlled environment. i couldn't manually 
 change the code, so creating a wrapper like the above is just what i 
 need. thanks.






Re: WHO IS NAVER-MAILER@naver.com ???

2002-10-05 Thread David Garamond

[EMAIL PROTECTED] wrote:
  Every time I send a message to this list, I receive a message from
  [EMAIL PROTECTED] immediately afterwards. It appears to be garbage
  (lots of screwy characters...).
 
  Where is this coming from? Am I the only one receiving these?

i suspect there is/are bouncing subscriber(s) from that host. the mail
server is [incorrectly] bouncing the post to the sender, not to Return-Path.

-- 
dave








Safe.pm examples?

2002-10-05 Thread David Garamond

i'm looking for something like a sandbox/compartment (like rexec module
in python) so that i can be [reasonably] confident running untrusted
snippets of code from inside the same process.

Safe.pm seems like the perl way of doing it, right? however, from what i
skimmed from the posts i got from google, Safe.pm is considered to be
too broken to use.

anyone care to explain why Safe.pm is too broken, or if it can be used
at all, some examples or projects where it is being used?

-- 
dave








package name alias (for shorter variable name)

2002-10-04 Thread David Garamond

i have several constants in a package:

   package Foo::Bar::Constants;
   $alice = {name=>"Alice", low=>-10, high=>21};
   $bruce = {name=>"Bruce Wayne", low=>-17, high=>5};
   $charlie = {name=>"Charlie", low=>-3, high=>3};
   $devon = {name=>"Devon E.", low=>1, high=>29};

and i want to use them in another package:

   package main;
   require Foo::Bar::Constants;
   use Foo::Bar::Functions;

   add_foo(\@a1, $Foo::Bar::Constants::alice, 1, 3);
   add_foo(\@a1, $Foo::Bar::Constants::bruce, 2, -1);

is there a way to refer to the constants by a shorter package name (say
'$X::alice') without having to make the 'Foo::Bar::Constants' an
Exporter? i also prefer not to import '$alice' and the gang to 'main'
because there are lots of constants in 'Foo::Bar::Constants' and many of
them have pretty short and generic names.

thanks in advance.

--
dave







Re: package name alias (for shorter variable name)

2002-10-04 Thread David Garamond

thanks for the answer, bob.

Bob Showalter wrote:
 There's nothing that says the file Foo/Bar/Constants.pm must have a package
 Foo::Bar::Constants declaration.

true, and i've realized that. i come from a python background and by 
contrast, in python, filename and directory name dictate the 
package/namespace.

 But I think you'll find this kind of thing goes against the spirit of how
 modules work.

indeed. i still want to name my package Foo::Bar::Constants. the 'X' (or 
let's name it 'tmp') is just a temporary prefix to help ease my weary 
typing hands. in python i can do something like this:

  import Foo.Bar.Constants
  print Foo.Bar.Constants.alice
  tmp = Foo.Bar.Constants
  print tmp.alice
  tmp2 = tmp
  print tmp2.alice

the three 'print' statements print the same thing. i had thought that in 
perl we can do some aliasing with the symbol table (the * and \* 
stuffs)? this is one beast i have yet to understand.

 Another approach might be to stuff those values into a hash and export just
 the hash:

hm, i don't think i like this approach. i don't want to hashify everything.

--
dave






Re: package name alias (for shorter variable name)

2002-10-04 Thread David Garamond

Timothy Johnson wrote:
 I'm not sure if this is a GOOD idea, but I THINK you can actually get away
 with something like this:  In your module, insert a shorter package name,
 but keep the module in the same place. So:
 
   package Foo::Bar::Constants;
 
   #do stuff here
 
   package MyConst;
   $ConstantA = "My Constant";
 
   #add more constants here
 
 Then you can do a 'use Foo::Bar::Constants', and then call the constants via
 $MyConst::ConstantA;

but i still want my constants to reside in Foo::Bar::Constants package. 
it's just that sometimes, when i'm referring to the constants *a lot*, i 
wish they were referrable with short names. but i prefer not using 
Exporter and @EXPORT_OK.

-- 
dave






Re: package name alias (for shorter variable name)

2002-10-04 Thread David Garamond

James Edward Gray II wrote:
 I haven't tested it, but I'm quite sure:
 
 my $p = 'Long::Package::Name';
 $p->constant;
 
 ...works as expected.  If memory serves this is even allowed under the 
 strict pragma.  If not though, you could always localize a block with no 
 strict 'refs' where you need it.

$p->foo only works when 'foo' is a subroutine.

btw, i seem to be able to use:

  $tmp = "Foo::Bar::Constants";
  print ${$tmp."::alice"};

but this fails in 'strict refs'. and though a bit shorter, it's not 
pretty either (IMO).

-- 
dave






Re: package name alias (for shorter variable name)

2002-10-04 Thread David Garamond

James Edward Gray II wrote:
 Building on this though, if you made the constants module, couldn't you 
 make them subs?  I believe this is even how the use constant pragma 
 functions.  Heck make it an object oriented module with static methods 
 and it's even designed well.  Just a thought.

good idea. i think i'll use 'use constant' from now on. it's clearer, 
$p->constname works, plus i can get rid of the '$' prefix altogether. 
thanks!

-- 
dave






Re: package name alias (for shorter variable name)

2002-10-04 Thread David Garamond

Bob Showalter wrote:
use Foo::Bar::Constants ();
{ package X; Foo::Bar::Constants->import }
print $X::alice->{name};   # prints Alice
 
 Here you're using the Exporter functionality, but exporting symbols into the
 X namespace instead of your current namespace. The empty parens on the
 use prevent the symbol imports into package main. (An alternative is to
 use @EXPORT_OK in the module and then just pass the @EXPORT_OK list to the
 call to import().)

nice trick :-) but the resulting code seems complex to me. 'use 
constant' is actually what i'm looking for, i think. thanks though.

-- 
dave






Re: package name alias (for shorter variable name)

2002-10-04 Thread David Garamond

Jeff 'japhy' Pinyan wrote:
  It's important to know that those constants aren't as efficient as their
  non-method syntax cousins:
 
package FOO;
use constant BAR => 10;
 
package main;
print FOO::BAR;  # at compile-time, Perl makes that 'print 10'
print FOO->BAR;  # FOO->BAR doesn't become 10 until run-time
 
  So you're not saving anything.  In fact, I bet THAT is SLOWER than
  $FOO::BAR.  *AND* it won't interpolate (easily) in strings.  All the more
  reasons to use real scalars.

well, slower is fine with me, as long as it's FAST ENOUGH for my needs.
i like the way constants look; they stand out compared to variables.

-- 
dave







Re: package name alias (for shorter variable name)

2002-10-04 Thread David Garamond

Jeff 'japhy' Pinyan wrote:
  %Foo::Bar::Constants::.  But anyway, here's the trick I'd use:
 
*short:: = *Foo::Bar::Constants::;
print $short::name;  # $Foo::Bar::Constants::name

ah thanks, this package aliasing thingie is what i had been trying to
accomplish several hours earlier, to no success :-)

-- 
dave


