NAME
Paranoid - Paranoia support for safer programs
VERSION
$Id: lib/Paranoid.pm, 2.10 2022/03/08 00:01:04 acorliss Exp $
SYNOPSIS
use Paranoid;
$errMsg = Paranoid::ERROR;
psecureEnv("/bin:/usr/bin");
sub foo {
# this function can return '0' as a valid return value
# that should be construed as a boolean true value
return PTRUE_ZERO;
}DESCRIPTION
This collection of modules started out as modules which perform things (debatably) in a safer and taint-safe manner. Since then it's also grown to include functionality that fit into the same framework and conventions of the original modules, including keeping the debug hooks for command-line debugging.
All the modules below are intended to be used directly in your programs if you need the functionality they provide.
This module does provide one function meant to secure your environment enough to satisfy taint-enabled programs, and as a container which holds the last reported error from any code in the Paranoid framework.
IMPORT LISTS
This module exports the following symbols by default:
psecureEnvThe following specialized import lists also exist:
List Members
--------------------------------------------------------
all @defaults PTRUE_ZEROSUBROUTINES/METHODS
psecureEnv
psecureEnv("/bin:/usr/bin");This function deletes some of the dangerous environment variables that can be used to subvert perl when being run in setuid applications. It also sets the path, either to the passed argument (if passed) or a default of "/bin:/sbin:/usr/bin:/usr/sbin".
NOTE: I did explicitly exclude /usr/local directories from the default path for the following reason: /usr/local is often used by admins to stash random scripts and programs which may not have undergone any serious scrutiny and review for security issues. Only the base OS directories are presumed as safe, and even that may be stretching the truth as it is. You can override the defaults as desired.
Paranoid::ERROR
$errMsg = Paranoid::ERROR;
Paranoid::ERROR = $errMsg;This lvalue function is not exported and must be referenced via the Paranoid namespace.
PTRUE_ZERO
This is a constant that evaluates to '0 but true', which allows 0 to be passed for boolean true use-cases.
TAINT NOTES
Taint-mode programming can be somewhat of an adventure until you know all the places considered dangerous under perl's taint mode. The following functions should generally have their arguments detainted before using:
exec system open glob
unlink mkdir chdir rmdir
chown chmod umask utime
link symlink kill eval
truncate ioctl fcntl chroot
setpgrp setpriority syscall socket
socketpair bind connectDEPENDENCIES
While this module itself doesn't have any external dependencies various child modules do. Please check their documentation for any particulars should you use them.
SEE ALSO
The following modules are available for use. You should check their POD for specifics on use:
- o
-
Paranoid::Args: Command-line argument parsing functions
- o
-
Paranoid::Data: Misc. data manipulation functions
- o
-
Paranoid::Data::AVLTree: AVL-Balanced Tree Class
- o
-
Paranoid::Data::AVLTree::AVLNode: AVL-Balanced Tree Node Class
- o
-
Paranoid::Debug: Command-line debugging framework and functions
- o
-
Paranoid::Filesystem: Filesystem operation functions
- o
-
Paranoid::Glob: Paranoid Glob objects
- o
-
Paranoid::IO: File I/O wrappers for sysopen, etc.
- o
-
Paranoid::IO::FileMultiplexer: File Multiplexer Object
- o
-
Paranoid::IO::FileMultiplexer::Block: Block-level Allocator/Accessor
- o
-
Paranoid::IO::FileMultiplexer::Block::BATHeader: BAT Header Block
- o
-
Paranoid::IO::FileMultiplexer::Block::FileHeader: File Header Block
- o
-
Paranoid::IO::FileMultiplexer::Block::StreamHeader: Stream Header Block
- o
-
Paranoid::IO::Line: I/O functions for working with line-based files
- o
-
Paranoid::IO::Lockfile: I/O functions for working with lock files
- o
-
Paranoid::Input: Input-related functions (file reading, detainting)
- o
-
Paranoid::Log: Unified logging framework and functions
- o
-
Paranoid::Log::Buffer: Buffered-based logging mechanism
- o
-
Paranoid::Log::File: File-based logging mechanism
- o
-
Paranoid::Module: Run-time module loading functions
- o
-
Paranoid::Network: Network-related functions
- o
-
Paranoid::Network::IPv4: General IPv4-related functions
- o
-
Paranoid::Network::IPv6: General IPv6-related functions
- o
-
Paranoid::Network::Socket: Wrapper module for Socket & Socket6
- o
-
Paranoid::Process: Process management functions
BUGS AND LIMITATIONS
AUTHOR
Arthur Corliss (corliss@digitalmages.com)
LICENSE AND COPYRIGHT
This software is free software. Similar to Perl, you can redistribute it and/or modify it under the terms of either:
a) the GNU General Public License
<https://www.gnu.org/licenses/gpl-1.0.html> as published by the
Free Software Foundation <http://www.fsf.org/>; either version 1
<https://www.gnu.org/licenses/gpl-1.0.html>, or any later version
<https://www.gnu.org/licenses/license-list.html#GNUGPL>, or
b) the Artistic License 2.0
<https://opensource.org/licenses/Artistic-2.0>,subject to the following additional term: No trademark rights to "Paranoid" have been or are conveyed under any of the above licenses. However, "Paranoid" may be used fairly to describe this unmodified software, in good faith, but not as a trademark.
(c) 2005 - 2020, Arthur Corliss (corliss@digitalmages.com) (tm) 2008 - 2020, Paranoid Inc. (www.paranoid.com)