[25275] in Perl-Users-Digest


Perl-Users Digest, Issue: 7520 Volume: 10

daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Wed Dec 15 06:05:32 2004

Date: Wed, 15 Dec 2004 03:05:06 -0800 (PST)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)

Perl-Users Digest           Wed, 15 Dec 2004     Volume: 10 Number: 7520

Today's topics:
    Re: Consecutive Numbers (Anno Siegel)
    Re: get startup / running time of a process? <nobull@mail.com>
        How to do this job with regular expression <sonet.all@msa.hinet.net>
    Re: How to do this job with regular expression <nobull@mail.com>
    Re: How to do this job with regular expression <josef.moellers@fujitsu-siemens.com>
    Re: pause, wait, etc. <tintin@invalid.invalid>
    Re: pause, wait, etc. <nospam@nospam.com>
    Re: Quick easy question... (Anno Siegel)
    Re: Read mail file? (Linux) <xxxx@yyyy.zzzz>
    Re: Read mail file? (Linux) <tassilo.von.parseval@rwth-aachen.de>
        Regular Expression Help <stutib@gmail.com>
    Re: Regular Expression Help <bernard.el-haginDODGE_THIS@lido-tech.net>
    Re: Regular Expression Help <noreply@gunnar.cc>
    Re: Regular Expression Help <wyzelli@yahoo.com>
        Relational databases and tied hashes? (Lee Goddard)
    Re: Requiring perl scripts <nobull@mail.com>
    Re: Requiring perl scripts <doureally@needthis.huh>
        Restricted Subsets of Perl <andy.glew@intel.com>
    Re: Restricted Subsets of Perl <1usa@llenroc.ude.invalid>
    Re: Restricted Subsets of Perl <andy.glew@intel.com>
    Re: Restricted Subsets of Perl <nobull@mail.com>
    Re: Restricted Subsets of Perl <abigail@abigail.nl>
    Re: Session management for cgi, ldap, oracle? <amead@comcast.net>
        Digest Administrivia (Last modified: 6 Apr 01) (Perl-Users-Digest Admin)

----------------------------------------------------------------------

Date: 15 Dec 2004 10:24:03 GMT
From: anno4000@lublin.zrz.tu-berlin.de (Anno Siegel)
Subject: Re: Consecutive Numbers
Message-Id: <cpp3c3$iea$1@mamenchi.zrz.TU-Berlin.DE>

Matija Papec  <perl@my-header.org> wrote in comp.lang.perl.misc:
> X-Ftn-To: Anno Siegel 
> 
> anno4000@lublin.zrz.tu-berlin.de (Anno Siegel) wrote:
> >    sub is_arithmetic_sequence {
> >        my $delta = shift;
> >        while ( @_ > 1 ) {
> >            $_ + $delta == $_[ 0] or return 0 for shift;
> >        }   
> >        return 1;
> >    }
> 
> === my benchmark ===
> >                 Rate       foreach         plain nosub_foreach   nosub_plain
> >foreach        5698/s            --          -68%          -91%          -92%
> >plain         17913/s          214%            --          -72%          -75%
> >nosub_foreach 64412/s         1030%          260%            --          -11%
> >nosub_plain   72595/s         1174%          305%           13%            --
> 
> I know that foreach is costly, even when using it only to topicalize
> scalars. What baffles me here, is that there is far greater difference
> between first two benchmarks => (foreach:plain = 1:3.14; your
> is_arithmetic_sequence runs three times faster without foreach) compared to
> next two 1:1.12 ?:)
> Is Benchmark being misused?

Well, you have cleared that up in a followup.  Benchmarking is an art.
It is all too common to find you have benchmarked something that has
little to do with the original problem.  Happens to everyone...

> sub is_arithmetic_sequence {
>     my $delta = shift;
>     while ( @_ > 1 ) {
>         $_ + $delta == $_[ 0] or return 0 for shift;
>     }
>     return 1;
> }

I was entirely unconcerned with speed when I wrote that.  The one-shot
"for" is there so that shift() and $_[ 0] don't appear in the same
statement the way they do in the code below.

> sub is_arithmetic_sequence2 {
>     my $delta = shift;
>     while ( @_ > 1 ) {
>         (shift) + $delta == $_[ 0] or return 0;

This is arguably wrong.  The Perl interpreter is free to evaluate
subexpressions in any order, so there is no guarantee that shift()
has happened before $_[ 0] is evaluated.  The result of the expression
is undefined, even though there was probably never a Perl interpreter
that did it the other way 'round.

>     }
>     return 1;
> }

Anno


------------------------------

Date: Wed, 15 Dec 2004 08:25:32 +0000
From: Brian McCauley <nobull@mail.com>
Subject: Re: get startup / running time of a process?
Message-Id: <cpos4h$q3l$1@sun3.bham.ac.uk>



Crom wrote:

> Peter Michael wrote:
> 
>>    Crom,
>>
>>"Crom" <xxxx@yyyy.zzzz> wrote in news article
>>news:cp8vo8$jua$1@news.astound.net...
>>
>>>Is there a portable way of obtaining the start up and/or elapsed time
>>>since start (which I suppose could be calculated given the start
>>>time, so no biggy, just need the start time.)
>>
>>    have a look at $^T in the perlvar man page.
> 
> 
> Sorry I was not clearer, I wanted to find this information for _other_
> running programs on the system.

Fundamentally I think the answer is no.  The only way to make a portable 
way would be to produce a module that includes a load of OS specific 
ways and presents a single API.  If such a module existed (and were 
published) I'd expect it would be on CPAN and start with Proc::.



------------------------------

Date: Wed, 15 Dec 2004 15:13:19 +0800
From: "news.hinet.net" <sonet.all@msa.hinet.net>
Subject: How to do this job with regular expression
Message-Id: <cpoo7d$5mk$1@netnews.hinet.net>

$a=~/\s{10,}?/

It can find that $a match spaces at least 10 times.

but how to find that if $a have the same word at least 4 times.
like.  666666 222222  11111 aaaaa bbbb





------------------------------

Date: Wed, 15 Dec 2004 08:06:07 +0000
From: Brian McCauley <nobull@mail.com>
Subject: Re: How to do this job with regular expression
Message-Id: <cpor0r$pmj$1@sun3.bham.ac.uk>

news.hinet.net wrote:

[ Unless you really are the Usenet admin for Hinet you should change 
your misleading "From" header ].

> $a=~/\s{10,}?/

Note: At the end of a regex {10,}? ("as few as possible but at least 10 
times") is the same as simply {10} ("exactly 10 times").

> It can find that $a match spaces at least 10 times.
> 
> but how to find that if $a have the same word at least 4 times.

By 'word' I shall assume you meant to say 'word character'.

/(\w)\1{9}/

I'm fairly sure this is a FAQ but I don't seem to be able to find it in 
the list.



------------------------------

Date: Wed, 15 Dec 2004 09:22:19 +0100
From: Josef Moellers <josef.moellers@fujitsu-siemens.com>
Subject: Re: How to do this job with regular expression
Message-Id: <cpos2t$236$1@nntp.fujitsu-siemens.com>

news.hinet.net wrote:
> $a=~/\s{10,}?/
> 
> It can find that $a match spaces at least 10 times.
> 
> but how to find that if $a have the same word at least 4 times.
> like.  666666 222222  11111 aaaaa bbbb

You probably mean "letter" rather than "word", as there are no two
identical words in that line.

The keyword you are looking for is "backreference", e.g.
$a =~ /(.)\1\1\1/;
matches 4 identical anythings in $a.
You can put more complex patterns between the parentheses if you desire.

-- 
Josef Möllers (penguin keeper at FSC)
	If failure had no penalty success would not be a prize
						-- T.  Pratchett



------------------------------

Date: Wed, 15 Dec 2004 22:10:28 +1300
From: "Tintin" <tintin@invalid.invalid>
Subject: Re: pause, wait, etc.
Message-Id: <32ad93F3jmtg6U1@individual.net>


"daniel kaplan" <nospam@nospam.com> wrote in message 
news:1103041464.304626@nntp.acecape.com...
> Hi all,
>
> Am looking for some type of a "pause" function.  Long story short, have
> written a quick script that will send out, one time only, some 400 emails
> (reminders for a specific event).

sleep

>
> My thing is this, while I am using:
>
> unless(open (MAIL, "| /usr/sbin/sendmail -t -oi -odq"))

more usual to write it as

open MAIL, "|/usr/sbin/sendmail -t -oi -odq" or die "Can't run sendmail $!\n";

>
> with the "queue" parameter, truth is, I don't really trust the mail server
> at my hosting place.  I would swear, they sneeze and the mail server goes
> down.  So putting 400 emails in their queue, I just don't trust.  At the
> same time, turning off the "queue" is rude, and would be far worse than
> sneezing!

If sendmail goes down (highly unlikely), then putting a sleep in your script 
isn't going to make much difference.  What are you basing your "trust" on? 
Something concrete or just your little toe tingling? 




------------------------------

Date: Wed, 15 Dec 2004 05:04:51 -0500
From: "daniel kaplan" <nospam@nospam.com>
Subject: Re: pause, wait, etc.
Message-Id: <1103105069.104899@nntp.acecape.com>

"Tintin" <tintin@invalid.invalid> wrote in message
news:32ad93F3jmtg6U1@individual.net...

> more usual to write it as
> open MAIL, "|/usr/sbin/sendmail -t -oi -odq" or die "Can't run sendmail $!\n";

It is, I was trying to make it more readable.  The script is done, it works,
etc.

> If sendmail goes down (highly unlikely), then putting a sleep in your
> script isn't going to make much difference.  What are you basing your
> "trust" on?  Something concrete or just your little toe tingling?

No, this is concrete.  I am not afraid of SENDMAIL going down.  My ISP's mail
servers have given me (and others I assume) some serious headaches.  And by
this I don't mean programmers, just users in general.  I used the example
about someone sneezing too close to them to say how ridiculous it has been
that they seem to crash.  So since by tomorrow I have to add some 400 emails
to the email queue, I thought if I used "sleep" to put them in gently, and
spread out a bit, it would help avoid additional headaches.




------------------------------

Date: 15 Dec 2004 10:40:09 GMT
From: anno4000@lublin.zrz.tu-berlin.de (Anno Siegel)
Subject: Re: Quick easy question...
Message-Id: <cpp4a9$ivt$1@mamenchi.zrz.TU-Berlin.DE>

Richard Gration  <richard@zync.co.uk> wrote in comp.lang.perl.misc:
> On Tue, 14 Dec 2004 17:10:34 +0000, Anno Siegel wrote:
> 
> > Richard Gration  <richard@zync.co.uk> wrote in comp.lang.perl.misc:
> >> On Tue, 14 Dec 2004 07:57:55 -0800, big.e12 wrote:
> >> 
> >> > I am just getting started in perl and I was wondering if someone
> >> > could help me out... I am trying to write a script that counts the
> >> > number of times a word appears in the input.  Can anyone help me?
> >> 
> >> How about this?
> >> 
> >> perl -e 'print [map{$t+=$_=~s/homework//g}<STDIN>]->[-1]'
> > 
> > Hey, that's a joke, right?  You can't be serious...
> > 
> > Anno
> 
> Well, it's a joke in the sense that I thought I smelled homework therefore
> tried to obfuscate the answer :-)
> 
> But it's not a joke in the sense that it does work ... at least I think it
> does ... I tested it on some inputs and it seemed OK ... is it faulty?

For an exact word count, the regex should be /\bhomework\b/.  Without
the word-boundary anchors, "homeworks" would be counted too.

Otherwise, I guess it works.  In fact, it works far more than it should.

Anno


------------------------------

Date: Tue, 14 Dec 2004 21:48:25 -0800
From: "Crom" <xxxx@yyyy.zzzz>
Subject: Re: Read mail file? (Linux)
Message-Id: <cpoj68$k58$1@news.astound.net>

David Efflandt wrote:
> On Tue, 14 Dec 2004 10:04:17 -0800, Crom <xxxx@yyyy.zzzz> wrote:
> > How can I parse my mail spool file? Like in /var/spool/mail (and I
> > think the mailbox file in my home dir follows the same format.)
>
> In the main spool file any line that begins with "From " (From
> followed by a space, which as a regex would be /^From / ) marks the
> start of the next message.  Not sure if From is always capitalized.
> This is not to be confused with "From:" (w/colon) which is within
> headers, if present.

But what if From with a space occurs in the message body itself? How do
you know the difference?




------------------------------

Date: Wed, 15 Dec 2004 08:34:06 +0100
From: "Tassilo v. Parseval" <tassilo.von.parseval@rwth-aachen.de>
Subject: Re: Read mail file? (Linux)
Message-Id: <slrncrvq7e.2n8.tassilo.von.parseval@localhost.localdomain>

Thus spoke Crom:

> David Efflandt wrote:
>> On Tue, 14 Dec 2004 10:04:17 -0800, Crom <xxxx@yyyy.zzzz> wrote:
>> > How can I parse my mail spool file? Like in /var/spool/mail (and I
>> > think the mailbox file in my home dir follows the same format.)
>>
>> In the main spool file any line that begins with "From " (From
>> followed by a space, which as a regex would be /^From / ) marks the
>> start of the next message.  Not sure if From is always capitalized.
>> This is not to be confused with "From:" (w/colon) which is within
>> headers, if present.
>
> But what if From with a space occurs in the message body itself? How do
> you know the difference?

Under unlucky circumstances you can't. Note however that sane mail
processors don't just test for /^From /. These From-lines also have to
end with four digits so a more robust check is /^From .*\d{4}$/. And of
course there are heuristics that could be used (such as looking at the
preceding line which has to be empty or the next line that has to be a
valid mail-header line).

Such a line could still show up in the body though which is one of those
unlucky circumstances. In order to avoid this problem many MUAs (or is it
MTAs that do that?) will turn a line starting with "From" in the body
into ">From" to disambiguate the matter.

In practice, nearly every mailbox turns out to be parseable just fine.
Over the years in which I've done quite a bit of mailbox parsing I never
came across a mailbox that couldn't be parsed with the common tools
around (such as those modules mentioned elsewhere in this thread).
They've been around long enough and grown very stable, also dealing with
edge-cases and such.

Tassilo
-- 
$_=q#",}])!JAPH!qq(tsuJ[{@"tnirp}3..0}_$;//::niam/s~=)]3[))_$-3(rellac(=_$({
pam{rekcahbus})(rekcah{lrePbus})(lreP{rehtonabus})!JAPH!qq(rehtona{tsuJbus#;
$_=reverse,s+(?<=sub).+q#q!'"qq.\t$&."'!#+sexisexiixesixeseg;y~\n~~dddd;eval
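
The separator checks described in the post above, as an added example that is not part of the original post: the /^From .*\d{4}$/ test, the empty preceding line, a header-shaped following line, and reversal of the ">From" quoting. The name split_mbox, the header-shape regex and the sample mailbox are assumptions constructed for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Split mbox text into messages. A line starts a new message only if it
#   1. matches /^From .*\d{4}$/ (the check quoted in the post),
#   2. is the first line or follows an empty line, and
#   3. is followed by something shaped like a header ("Name: value").
# split_mbox and the header test are assumptions of this example.
sub split_mbox {
    my ($text) = @_;
    my @lines = split /\n/, $text;
    my (@messages, $current);
    for my $i (0 .. $#lines) {
        my $line        = $lines[$i];
        my $prev_empty  = $i == 0 || $lines[$i - 1] eq '';
        my $next_header = $i < $#lines && $lines[$i + 1] =~ /^[!-9;-~]+:/;
        if ($line =~ /^From .*\d{4}$/ && $prev_empty && $next_header) {
            push @messages, $current if defined $current;
            $current = { envelope => $line, headers => [], body => [] };
            next;
        }
        next unless defined $current;    # skip anything before the first message
        if (!$current->{in_body}) {
            if ($line eq '') { $current->{in_body} = 1 }
            else             { push @{ $current->{headers} }, $line }
        }
        else {
            $line =~ s/^>From /From /;   # undo the ">From" quoting of body lines
            push @{ $current->{body} }, $line;
        }
    }
    push @messages, $current if defined $current;
    for my $message (@messages) {
        # The blank line before the next "From " line is a separator, not body.
        pop @{ $message->{body} }
            while @{ $message->{body} } && $message->{body}[-1] eq '';
    }
    return @messages;
}

# Constructed sample spool. The first body contains a line that passes the
# regex and follows an empty line; only the header check rejects it.
my $mbox = <<'MBOX';
From alice@example.org Wed Dec 15 06:05:32 2004
From: alice@example.org
Subject: first

From here on this body line even ends in 2004
>From the spool, quoted on delivery

From bob@example.org Wed Dec 15 07:10:00 2004
From: bob@example.org
Subject: second

Short body.
MBOX

my @messages = split_mbox($mbox);
printf "%d messages\n", scalar @messages;
for my $message (@messages) {
    print "envelope: $message->{envelope}\n";
    print "  header: $_\n" for @{ $message->{headers} };
    print "  body:   $_\n" for @{ $message->{body} };
}
```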


------------------------------

Date: 15 Dec 2004 00:56:31 -0800
From: "TechStu" <stutib@gmail.com>
Subject: Regular Expression Help
Message-Id: <1103100991.615534.321140@z14g2000cwz.googlegroups.com>

I need help writing regular expressions for the following problems:-

1. date has the following format: month day, year
month is a name of the month,
day represents a day and may contain one or two digits,
y represents a year and contains 4 digits.
Your solution (regular expression) should match, for example, the
following:
July 4, 2004
September 16,1987
December 3, 2001
However, your solution (regular expression) should not match, for
example, the
following:
Dec 3, 2001
February 30, 2002
2. file name has the following format:
disk-drive:\directory-name\...\directory-name\name.extension
disk-drive is a letter that indicates a disk drive
directory-name represents a directory name that starts with a letter
and contains letters,
digits, or '_' characters. The maximum size of directory-name is 16.
name represents a file name that starts with a letter and contains
letters, digits, or '_'
characters. The maximum size of name is 16.
extension represents a file type. The following file types should be
considered: exe, pdf,
doc, xls, txt.
Your solution (regular expression) should match, for example, the
following:
search1.exe
c:paper.pdf
c:\paper.pdf
a:\class\cs763\fall_2004\syllabus.doc

However, your solution (regular expression) should not match, for
example, the
following:
c:paper.xxx

Thanks!



------------------------------

Date: Wed, 15 Dec 2004 10:05:21 +0100
From: "Bernard El-Hagin" <bernard.el-haginDODGE_THIS@lido-tech.net>
Subject: Re: Regular Expression Help
Message-Id: <Xns95C066A16BF65elhber1lidotechnet@62.89.127.66>

"TechStu" <stutib@gmail.com> wrote:

> I need help writing regular expressions for the following problems:-


What have you tried so far to solve your (obvious) homework problems?


-- 
Cheers,
Bernard


------------------------------

Date: Wed, 15 Dec 2004 11:41:36 +0100
From: Gunnar Hjalmarsson <noreply@gunnar.cc>
Subject: Re: Regular Expression Help
Message-Id: <32aj0bF3i4q0bU1@individual.net>

TechStu wrote:
> I need help writing regular expressions for the following problems:-
> 
> 1. date has the following format: month day, year
> month is a name of the month,
> day represents a day and may contain one or two digits,
> y represents a year and contains 4 digits.
> Your solution (regular expression) should match, for example, the
--^^^^^^^^^^^^^
Stopped reading here.

-- 
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl


------------------------------

Date: Wed, 15 Dec 2004 10:59:47 GMT
From: "Peter Wyzl" <wyzelli@yahoo.com>
Subject: Re: Regular Expression Help
Message-Id: <DOUvd.73763$K7.25800@news-server.bigpond.net.au>

"TechStu" <stutib@gmail.com> wrote in message 
news:1103100991.615534.321140@z14g2000cwz.googlegroups.com...
:I need help writing regular expressions for the following problems:-
:
: 1. date has the following format: month day, year
: month is a name of the month,
: day represents a day and may contain one or two digits,
: y represents a year and contains 4 digits.
: Your solution (regular expression) should match, for example, the
: following:
: July 4, 2004
: September 16,1987
: December 3, 2001
: However, your solution (regular expression) should not match, for
: example, the
: following:
: Dec 3, 2001
: February 30, 2002

Why the hell would anyone teach you to use a regex for that?  String 
extraction and date validation should properly be handled separately, there 
being good modules to handle the latter.  Go give your teacher a smacking...

P
print "What homework?\n";




------------------------------

Date: 15 Dec 2004 01:59:54 -0800
From: leegee@gmail.com (Lee Goddard)
Subject: Relational databases and tied hashes?
Message-Id: <30da21ec.0412150159.3026d587@posting.google.com>

At 2004-12-14 08:26:01 PST, Sherm Pendley (spamtrap@dot-app.org)
wrote:

>If you're thinking this would take three separate SQL queries, you can
>...join 

Thanks, that's true, but what I'm really looking for is a way to tie
multiple, linked tables to a hash.

And at 2004-12-14 08:50:03 PST, Matija Papec (perl@my-header.org)
added:

>Check for Tie::DBI, it does even table updating for you 

It does, but I can't find any info there on using it on tables related
by UID. I've been looking at the author's Tie::RDBM too, but that rather
seems a misnomer - it doesn't seem to be so much a Relational DataBase
Manager, as a way of freezing and thawing perl data to a database.

I'm trying to use perl to dynamically create an RDB based upon an XSD
file, and then to parse SCORM Manifest XML on the fly, using the XML's
cross-referencing UIDs as related fields.

Does anyone out there have any ideas of another module that might
provide the underlying functionality? I don't much fancy writing a DB
Tie this close to the holidays with so much 'flu' around ...

Thanks
Lee


------------------------------

Date: Wed, 15 Dec 2004 08:11:26 +0000
From: Brian McCauley <nobull@mail.com>
Subject: Re: Requiring perl scripts
Message-Id: <cporaq$pqp$1@sun3.bham.ac.uk>



Bigus wrote:

> I have a login script for my site which has various code and subroutines in 
> it.

>                    If I do a "require login.cgi" in application.cgi will 
> it just make the subroutines available or will it attempt to run all the 
> code in login.cgi before the subroutines?

It will run the code unless you prevent it.  It is possible to have a 
Perl script that also functions as a Perl4-style library by checking 
caller() but I would consider that a poor programming practice.

Migrate the common subroutines to a Perl5-style module and use it in 
both scripts.



------------------------------

Date: Wed, 15 Dec 2004 09:26:08 -0000
From: "Bigus" <doureally@needthis.huh>
Subject: Re: Requiring perl scripts
Message-Id: <cpovvg$he1$1@blackmamba.itd.rl.ac.uk>

"Brian McCauley" <nobull@mail.com> wrote in message
news:cporaq$pqp$1@sun3.bham.ac.uk...
> >                    If I do a "require login.cgi" in application.cgi will
> > it just make the subroutines available or will it attempt to run all the
> > code in login.cgi before the subroutines?
>
> It will run the code unless you prevent it.  It is possible to have a
> Perl script that also functions as a Perl4-style library by checking
> caller() but I would consider that a poor programming practice.
>
> Migrate the common subroutines to a Perl5-style module and use it in
> both scripts.

ok, not got to grips with writing modules yet, but I suppose I could create
a script with just subs in it, then pull them into the app or login script
via a require and call them as normal.

Thanks
Bigus




------------------------------

Date: 14 Dec 2004 20:31:21 -0800
From: Andy Glew <andy.glew@intel.com>
Subject: Restricted Subsets of Perl
Message-Id: <q5ism682ndy.fsf@plxc0250.pdx.intel.com>


Q: are there any ways to restrict a bit of Perl code to a restricted
subset, a sandbox, of Perl - apart from taint?

I'm lazy.

I want a config file format for a tool. I want the config file format
to support expressions, so that the user can say fairly arbitrary
things like "concatenate in different places to the existing tree of
patterns", "replace", "form an outer product".

In fact, the most general form is to allow the user to specify an
arbitrary function from string to string.

I could write a mini-language. But I'm lazy.

In the past, I have occasionally just slurped the config file in and
eval'ed it.  But that has obvious security issues; and apart from the
security issues it can be fragile, e.g. if the user code being eval'ed
has name collisions with the rest of my Perl code.

So, what I ask is, are there any restricted subsets of Perl?

---+ Flavours of Restricted Subsets

Such restricted subsets might vary from

---++ Secure Sandboxes

Like Java, where stuff like filesystem access, etc., is disabled, so
that the code being eval'ed cannot access it.  Ditto removal of the
ability to load packages, access to environment variables, etc.

---++ Insulation from calling context

Maybe not secure, but at least preventing access to any variables that
are in the calling environment that are not part of standard Perl.

---++ Read-only insulation

Forgetting the security concerns, I think that I can see a way that
the eval'ed code could be made less fragile.  E.g. define the config
file to be an expression that returns a hash array, or the like.

Then:

   a) fork
   b) the child process has read-only (or, copy-on-write) access
      to all state from the parent, but cannot modify any of the
      parents' state [*]
   c) let the child eval the config file, and generate the
      value to be returned
   d) dump the return value to a pipe, and read it
      in in the parent.

[*] at least, the child cannot accidentally modify the parent.
If really malicious, it might open a debugger on the parent
- but that's beyond what I care about in this insecure version
(and would be handled by the secure sandbox).


---+ Creating the Restricted Context

I can imagine that you could use reflection to walk over the
namespace. If there were a standard way to query - e.g. to ask
"what does this Perl core function do?" (access filesystem, etc.)
then the introspecting code might modify the namespace
to prevent access.


---+ Why am I asking instead of rolling my own?

Because I'm lazy.  If it already exists, I will use it.

Perfunctory googling doesn't seem to find any package like
this, but I may not be using the right terminology.  

It has been my experience that, if I can describe how to
do something, Perl already has done it.

---++ Isn't taint what I want?

I don't think so. But am willing to be educated.

E.g. eval'ing in a taint context may make you moderately more secure,
but doesn't really address the issues of fragility.
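
Steps a) to d) from the post above, as an added example that is not code from the post. The names eval_config_in_child and %patterns and the two config strings are assumptions constructed here; the result travels back as JSON so the parent never evals what the child wrote. As the post notes, this keeps the config from modifying the parent's state and is not a sandbox.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use JSON::PP ();
use POSIX ();

our %patterns = (base => 'src/*.c');    # parent state the config may read

# Evaluate $source in a forked child and return (value, error).
sub eval_config_in_child {
    my ($source) = @_;
    pipe(my $reader, my $writer) or die "pipe failed: $!";
    my $pid = fork();                                   # step a
    die "fork failed: $!" unless defined $pid;

    if ($pid == 0) {
        # Child: works on a copy-on-write copy of the parent (step b).
        close $reader;
        my $value = eval $source;                       # step c
        my $reply = $@ ? { error => "$@" } : { value => $value };
        # encode() dies on code refs and objects; report that as an error.
        my $json = eval { JSON::PP->new->encode($reply) };
        $json = JSON::PP->new->encode({ error => 'result is not plain data' })
            unless defined $json;
        print {$writer} $json;                          # step d, child side
        close $writer;
        POSIX::_exit(0);    # leave without running the parent's END blocks
    }

    # Parent: read the serialized result (step d) and reap the child.
    close $writer;
    my $json = do { local $/; <$reader> };
    close $reader;
    waitpid $pid, 0;
    my $reply = eval { JSON::PP->new->decode($json // '') };
    return (undef, 'child returned no usable reply')
        unless ref($reply) eq 'HASH';
    return (undef, $reply->{error}) if exists $reply->{error};
    return ($reply->{value}, undef);
}

# Constructed config texts: the first overwrites a parent variable before
# building its result, the second fails.
my @configs = (
    q{ $main::patterns{base} = 'clobbered'; +{ sources => [ $main::patterns{base}, 'lib/*.c' ] } },
    q{ die "unknown directive\n" },
);

for my $source (@configs) {
    my ($value, $error) = eval_config_in_child($source);
    if (defined $error) { chomp $error; print "config failed: $error\n" }
    else                { print "sources: @{ $value->{sources} }\n" }
    print "parent still has base = $patterns{base}\n";
}
```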



------------------------------

Date: 15 Dec 2004 04:58:11 GMT
From: "A. Sinan Unur" <1usa@llenroc.ude.invalid>
Subject: Re: Restricted Subsets of Perl
Message-Id: <Xns95BFF3D4A4A97asu1cornelledu@132.236.56.8>

Andy Glew <andy.glew@intel.com> wrote in 
news:q5ism682ndy.fsf@plxc0250.pdx.intel.com:

> 
> Q: are there any ways to restrict a bit of Perl code to a restricted
> subset, a sandbox, of Perl - apart from taint?

CPAN is your friend:

Safe - Compile and execute code in restricted compartments

http://search.cpan.org/~nwclark/perl-5.8.6/ext/Opcode/Safe.pm

Sinan


------------------------------

Date: 14 Dec 2004 20:59:17 -0800
From: Andy Glew <andy.glew@intel.com>
Subject: Re: Restricted Subsets of Perl
Message-Id: <q5iy8g05f8a.fsf@plxc0250.pdx.intel.com>

Andy Glew <andy.glew@intel.com> writes:

> Q: are there any ways to restrict a bit of Perl code to a restricted
> subset, a sandbox, of Perl - apart from taint?
> 
> Perfunctory googling doesn't seem to find any package like
> this, but I may not be using the right terminology.  

Embarrassed. Slightly less perfunctory googling led me to the Safe
package. It's what I need.

However, my pondering how to implement this via reflection may still
be worth discussing.  If there were a standard query format, allowing
us to enumerate all language elements and identifying what they do,
it might allow more flexible Safe'ing.


------------------------------

Date: Wed, 15 Dec 2004 08:14:58 +0000
From: Brian McCauley <nobull@mail.com>
Subject: Re: Restricted Subsets of Perl
Message-Id: <cporh5$pqq$1@sun3.bham.ac.uk>



A. Sinan Unur wrote:

> Andy Glew <andy.glew@intel.com> wrote in 
> news:q5ism682ndy.fsf@plxc0250.pdx.intel.com:
> 
> 
>>Q: are there any ways to restrict a bit of Perl code to a restricted
>>subset, a sandbox, of Perl - apart from taint?
> 
> 
> CPAN is your friend:
> 
> Safe - Compile and execute code in restricted compartments
> 
> http://search.cpan.org/~nwclark/perl-5.8.6/ext/Opcode/Safe.pm

Be aware - Safe is flawed.  The best known way to escape a Safe 
compartment involves returning blessed values.  This can easily be 
avoided by disabling the bless opcode.  Similarly it's probably a good 
idea to disable the tie opcode.  However there are probably other less 
well known exploits.
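
A config loader built on the advice in the post above, as an added example that is not part of the original post: a Safe compartment with the bless and tie opcodes denied, plus a check that only an unblessed hash of plain scalars leaves the compartment. The name load_config, the result check and the sample config strings are assumptions constructed here.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Safe;

our $host_only = 'parent state';    # lives in the real main::, outside the compartment

# Evaluate config text in a Safe compartment and return (hashref, error).
sub load_config {
    my ($source) = @_;
    my $cpt = Safe->new;                    # own root namespace, default opcode mask
    $cpt->deny(qw(bless tie));              # the two opcodes named in the post
    my $result = $cpt->reval($source, 1);   # second argument: compile under strict
    return (undef, "compartment: $@") if $@;
    return (undef, 'config must evaluate to an unblessed hash reference')
        unless ref($result) eq 'HASH';

    # Copy plain scalars out; references created inside the compartment
    # (code refs, nested structures, objects) are not passed on.
    my %clean;
    for my $key (sort keys %$result) {
        my $value = $result->{$key};
        return (undef, "value of '$key' is not a plain scalar")
            if !defined($value) || ref($value);
        $clean{$key} = "$value";
    }
    return (\%clean, undef);
}

# Constructed config texts.
my @samples = (
    [ 'expressions'    => q{ my %c = (name => 'prod' . '-eu', retries => 2 + 1); \%c } ],
    [ 'host variable'  => q{ +{ seen => defined($main::host_only) ? 'visible' : 'hidden' } } ],
    [ 'blessed return' => q{ bless { name => 'x' }, 'Config' } ],
    [ 'file access'    => q{ open(my $fh, '<', 'settings.txt'); +{ name => 'x' } } ],
    [ 'code reference' => q{ +{ hook => sub { 'x' } } } ],
);

for my $sample (@samples) {
    my ($label, $source) = @$sample;
    my ($config, $error) = load_config($source);
    if (defined $error) {
        $error =~ s/\s+\z//;
        print "$label: rejected ($error)\n";
    }
    else {
        print "$label: ",
            join(', ', map { "$_=$config->{$_}" } sort keys %$config), "\n";
    }
}
```

The "host variable" sample also covers the name-collision concern from the original question: inside the compartment, main:: is the compartment's own root, so $main::host_only there is not the caller's variable.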



------------------------------

Date: 15 Dec 2004 08:29:19 GMT
From: Abigail <abigail@abigail.nl>
Subject: Re: Restricted Subsets of Perl
Message-Id: <slrncrvtev.fj.abigail@alexandra.abigail.nl>

Andy Glew (andy.glew@intel.com) wrote on MMMMCXXIV September MCMXCIII in
<URL:news:q5ism682ndy.fsf@plxc0250.pdx.intel.com>:
\\  
\\  Q: are there any ways to restrict a bit of Perl code to a restricted
\\  subset, a sandbox, of Perl - apart from taint?
\\  
\\  I'm lazy.
\\  
\\  I want a config file format for a tool. I want the config file format
\\  to support expressions, so that the user can say fairly arbitrary
\\  things like "concatenate in different places to the existing tree of
\\  patterns", "replace", "form an outer product".
\\  
\\  In fact, the most general form is to allow the user to specify an
\\  arbitrary function from string to string.
\\  
\\  I could write a mini-language. But I'm lazy.
\\  
\\  In the past, I have occasionally just slurped the config file in and
\\  eval'ed it.  But that has obvious security issues; and apart from the
\\  security issues it can be fragile, e.g. if the user code being eval'ed
\\  has name collisions with the rest of my Perl code.


There are only security issues if the config file is supplied by other,
untrusted, people. Are you running this as root using user config files?
If it's just a regular tool, there are no security issues - nothing
can be gained by 'eval'ling some code the user couldn't do in a much
simpler way.



Abigail
-- 
perl5.004 -wMMath::BigInt -e'$^V=Math::BigInt->new(qq]$^F$^W783$[$%9889$^F47]
 .qq]$|88768$^W596577669$%$^W5$^F3364$[$^W$^F$|838747$[8889739$%$|$^F673$%$^W]
 .qq]98$^F76777$=56]);$^U=substr($]=>$|=>5)*(q.25..($^W=@^V))=>do{print+chr$^V
%$^U;$^V/=$^U}while$^V!=$^W'


------------------------------

Date: Tue, 14 Dec 2004 21:07:11 -0600
From: Alan Mead <amead@comcast.net>
Subject: Re: Session management for cgi, ldap, oracle?
Message-Id: <pan.2004.12.15.03.07.10.422830@comcast.net>

Star date: Tue, 14 Dec 2004 17:24:17 -0800, spam1.minus1's log:

> I have two possible environments I can use:
> 
> 1. linux (suse 9.1), apache, cgi, oracle, perl 5.8.3, LDAP 3
> 2. solaris, apache, cgi, oracle, perl 5.005, LDAP 3

I would prefer Perl 5.6 or higher.

Also, I can reassure you that what you want to do is doable.

The rest of it, you should ask in a CGI newsgroup... returning here with
a specific Perl issue if you encounter one.

Maintaining state is a bit tricky with CGI.  Browse the modules available
on CPAN, which can help but you're going to have to do some coding.

-Alan


------------------------------

Date: 6 Apr 2001 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin) 
Subject: Digest Administrivia (Last modified: 6 Apr 01)
Message-Id: <null>


Administrivia:

#The Perl-Users Digest is a retransmission of the USENET newsgroup
#comp.lang.perl.misc.  For subscription or unsubscription requests, send
#the single line:
#
#	subscribe perl-users
#or:
#	unsubscribe perl-users
#
#to almanac@ruby.oce.orst.edu.  

NOTE: due to the current flood of worm email banging on ruby, the smtp
server on ruby has been shut off until further notice. 

To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.

#To request back copies (available for a week or so), send your request
#to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
#where x is the volume number and y is the issue number.

#For other requests pertaining to the digest, send mail to
#perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
#sending perl questions to the -request address, I don't have time to
#answer them even if I did know the answer.


------------------------------
End of Perl-Users Digest V10 Issue 7520
***************************************

