Digital Mages - Paranoid(3)
Paranoid
Section: User Contributed Perl Documentation (3)
Updated: 2022-03-08
Index
NAME
Paranoid - Paranoia support for safer programs
VERSION
$Id: lib/Paranoid.pm, 2.10 2022/03/08 00:01:04 acorliss Exp $
SYNOPSIS
use Paranoid;
$errMsg = Paranoid::ERROR;
psecureEnv("/bin:/usr/bin");
sub foo {
# this function can return '0' as a valid return value
# that should be construed as a boolean true value
return PTRUE_ZERO;
}
DESCRIPTION
This collection of modules started out as modules which perform things
(debatably) in a safer and taint-safe manner. Since then it's also grown to
include functionality that fit into the same framework and conventions of the
original modules, including keeping the debug hooks for command-line
debugging.
All the modules below are intended to be used directly in your programs if you
need the functionality they provide.
This module does provide one function meant to secure your environment
enough to satisfy taint-enabled programs, and as a container which holds the
last reported error from any code in the Paranoid framework.
IMPORT LISTS
This module exports the following symbols by default:
psecureEnv
The following specialized import lists also exist:
List Members
--------------------------------------------------------
all @defaults PTRUE_ZERO
SUBROUTINES/METHODS
psecureEnv
psecureEnv("/bin:/usr/bin");
This function deletes some of the dangerous environment variables that can be
used to subvert perl when being run in setuid applications. It also sets the
path, either to the passed argument (if passed) or a default of
``/bin:/sbin:/usr/bin:/usr/sbin''.
NOTE: I did explicitly exclude /usr/local directories from the default
path for the following reason: /usr/local is often used by admins to stash
random scripts and programs which may not have undergone any serious scrutiny
and review for security issues. Only the base OS directories are presumed as
safe, and even that may be stretching the truth as it is. You can override
the defaults as desired.
Paranoid::ERROR
$errMsg = Paranoid::ERROR;
Paranoid::ERROR = $errMsg;
This lvalue function is not exported and must be referenced via the
Paranoid namespace.
PTRUE_ZERO
This is a constant that evaluates to '0 but true', which allows
0 to be
passed for boolean true use-cases.
TAINT NOTES
Taint-mode programming can be somewhat of an adventure until you know all the
places considered dangerous under perl's taint mode. The following functions
should generally have their arguments detainted before using:
exec system open glob
unlink mkdir chdir rmdir
chown chmod umask utime
link symlink kill eval
truncate ioctl fcntl chroot
setpgrp setpriority syscall socket
socketpair bind connect
DEPENDENCIES
While this module itself doesn't have any external dependencies various child
modules do. Please check their documentation for any particulars should you
use them.
SEE ALSO
The following modules are available for use. You should check their
POD for
specifics on use:
- o
-
Paranoid::Args: Command-line argument parsing functions
- o
-
Paranoid::Data: Misc. data manipulation functions
- o
-
Paranoid::Data::AVLTree: AVL-Balanced Tree Class
- o
-
Paranoid::Data::AVLTree::AVLNode: AVL-Balanced Tree Node Class
- o
-
Paranoid::Debug: Command-line debugging framework and functions
- o
-
Paranoid::Filesystem: Filesystem operation functions
- o
-
Paranoid::Glob: Paranoid Glob objects
- o
-
Paranoid::IO: File I/O wrappers for sysopen, etc.
- o
-
Paranoid::IO::FileMultiplexer: File Multiplexer Object
- o
-
Paranoid::IO::FileMultiplexer::Block: Block-level Allocator/Accessor
- o
-
Paranoid::IO::FileMultiplexer::Block::BATHeader: BAT Header Block
- o
-
Paranoid::IO::FileMultiplexer::Block::FileHeader: File Header Block
- o
-
Paranoid::IO::FileMultiplexer::Block::StreamHeader: Stream Header Block
- o
-
Paranoid::IO::Line: I/O functions for working with line-based files
- o
-
Paranoid::IO::Lockfile: I/O functions for working with lock files
- o
-
Paranoid::Input: Input-related functions (file reading, detainting)
- o
-
Paranoid::Log: Unified logging framework and functions
- o
-
Paranoid::Log::Buffer: Buffered-based logging mechanism
- o
-
Paranoid::Log::File: File-based logging mechanism
- o
-
Paranoid::Module: Run-time module loading functions
- o
-
Paranoid::Network: Network-related functions
- o
-
Paranoid::Network::IPv4: General IPv4-related functions
- o
-
Paranoid::Network::IPv6: General IPv6-related functions
- o
-
Paranoid::Network::Socket: Wrapper module for Socket & Socket6
- o
-
Paranoid::Process: Process management functions
BUGS AND LIMITATIONS
AUTHOR
Arthur Corliss (
corliss@digitalmages.com)
LICENSE AND COPYRIGHT
This software is free software. Similar to Perl, you can redistribute it
and/or modify it under the terms of either:
a) the GNU General Public License
<https://www.gnu.org/licenses/gpl-1.0.html> as published by the
Free Software Foundation <http://www.fsf.org/>; either version 1
<https://www.gnu.org/licenses/gpl-1.0.html>, or any later version
<https://www.gnu.org/licenses/license-list.html#GNUGPL>, or
b) the Artistic License 2.0
<https://opensource.org/licenses/Artistic-2.0>,
subject to the following additional term: No trademark rights to
``Paranoid'' have been or are conveyed under any of the above licenses.
However, ``Paranoid'' may be used fairly to describe this unmodified
software, in good faith, but not as a trademark.
(c) 2005 - 2020, Arthur Corliss (corliss@digitalmages.com)
(tm) 2008 - 2020, Paranoid Inc. (www.paranoid.com)
Index
- NAME
-
- VERSION
-
- SYNOPSIS
-
- DESCRIPTION
-
- IMPORT LISTS
-
- SUBROUTINES/METHODS
-
- psecureEnv
-
- Paranoid::ERROR
-
- PTRUE_ZERO
-
- TAINT NOTES
-
- DEPENDENCIES
-
- SEE ALSO
-
- BUGS AND LIMITATIONS
-
- AUTHOR
-
- LICENSE AND COPYRIGHT
-
Copyright © 1997 - 2019,
Arthur Corliss, all rights reserved.