Paranoid
Description | Documentation | Samples | Credits | Files
Paranoid is a suite of Perl modules (also available on
CPAN) that are intended to enforce safer programming by providing
functions that perform more sanity checks as well as enforcing taint
mode.
While not perfect in many respects, it is designed to be as safe
as possible, while providing consistent diagnostics. It currently
provides functions and objects to handle everything from data
manipulation to IO access, along with unified logging frameworks (with
internal distribution supporting syslog, SMTP, and files, etc.),
forked program infrastructure, command-line argument processing, and
more.
A few modules that used to be part of the Paranoid distribution have
been broken out as their own distributions due to external dependencies.
They can still be found both on CPAN and this site:
The following is a sample list of applications which make use of
Paranoid, along with a description of how it is being used in each
case:
autofwd
autofwd is an automated firewalling
daemon designed to defend against dictionary attacks. It uses the
following modules:
- Paranoid: as a program designed to run as root, autofwd
uses Paranoid to prep the environment for running under taint
mode.
- Paranoid::Args: provides command line argument
validation, parsing, and handling for autofwd's options.
- Paranoid::BerkeleyDB: provides autofwd an OO interface to
the BerkeleyDB module that incorporates the appropriate environment
and locking for concurrent database access (CDS), necessary for the
daemon and the Cli modes to work on the database
simultaneously.
- Paranoid::Debug: provides a debug tracing capability
while testing autofwd configurations.
- Paranoid::Input: provides both data detainting
capabilities and safe file tailing capabilities that prevent the
daemon from loading too much data into memory at a time.
- Paranoid::Log: provides a unified logging interface that
distributes events to files, syslog, and/or e-mail as needed.
- Paranoid::Glob: provides an OO interface to an
automatically detainted filesystem globbing capability. This allows
autofwd to be given globs & wildcards, etc., in its
configuration files.
- Paranoid::Module: provides functions for testing and
loading modules at runtime, rather than compile time. This allows
autofwd to enable optional support for syslogging and e-mail
capabilities if their required libraries are present.
- Paranoid::Network: offers autofwd simple functions to
match IPs to networks (both IPv4 and IPv6) as well as extract string
representations of IPs from arbitrary text. The latter
functionality, specifically, is heavily used with the logs being
tailed.
- Paranoid::Process: provides functionality for managing
both the daemon mode (disassociating the process from the terminal)
and child processes.
fsperms
fsperms is a tool for applying
security templates to filesystem and directory structures. It uses the
following modules:
- Paranoid: as a program designed to run as root, fssecure
uses Paranoid to prep the environment for running under taint
mode.
- Paranoid::Args: provides command line argument
validation, parsing, and handling for fssecure's options.
- Paranoid::Debug: provides a debug tracing capability
and variable verbosity output control for fssecure.
- Paranoid::Filesystem: provides chmod and
chown capabilities with support for automatically resolving
UIDs, GIDs, and conversion of relative and explicit permissions,
much like the shell commands themselves.
- Paranoid::Glob: provides not only filesystem glob
expansion but the ability to recursively load an entire directory
hierarchy with relatively good performance. All of which becomes
detainted data which can be safely handed to vulnerable system
calls.
- Paranoid::Input: provides a simple way to quickly load
the contents of a file into memory while placing limits on how much
can be loaded to avoid excessive memory utilization. It also
provides data detainting capabilities.
Thanks to Slaven Rezic <srezic@cpan.org> for finding a
bug in the plock implementation and offering great suggestions
for resolution.
Copyright © 1997 - 2019,
Arthur Corliss, all rights reserved.