Install Now
Paranoid - Paranoia support for safer programs
Contents
Bugs And Limitations
Dependencies
While this module itself doesn't have any external dependencies various child modules do. Please check
their documentation for any particulars should you use them.
Description
This collection of modules started out as modules which perform things (debatably) in a safer and taint-
safe manner. Since then it's also grown to include functionality that fit into the same framework and
conventions of the original modules, including keeping the debug hooks for command-line debugging.
All the modules below are intended to be used directly in your programs if you need the functionality
they provide.
This module does provide one function meant to secure your environment enough to satisfy taint-enabled
programs, and as a container which holds the last reported error from any code in the Paranoid framework.
Import Lists
This module exports the following symbols by default:
psecureEnv
The following specialized import lists also exist:
List Members
--------------------------------------------------------
all @defaults PTRUE_ZERO
License And Copyright
This software is free software. Similar to Perl, you can redistribute it and/or modify it under the
terms of either:
a) the GNU General Public License
<https://www.gnu.org/licenses/gpl-1.0.html> as published by the
Free Software Foundation <http://www.fsf.org/>; either version 1
<https://www.gnu.org/licenses/gpl-1.0.html>, or any later version
<https://www.gnu.org/licenses/license-list.html#GNUGPL>, or
b) the Artistic License 2.0
<https://opensource.org/licenses/Artistic-2.0>,
subject to the following additional term: No trademark rights to "Paranoid" have been or are conveyed
under any of the above licenses. However, "Paranoid" may be used fairly to describe this unmodified
software, in good faith, but not as a trademark.
(c) 2005 - 2020, Arthur Corliss (corliss@digitalmages.com) (tm) 2008 - 2020, Paranoid Inc.
(www.paranoid.com)
perl v5.38.2 2024-03-07 Paranoid(3pm)
Name
Paranoid - Paranoia support for safer programs
See Also
The following modules are available for use. You should check their POD for specifics on use:
o Paranoid::Args: Command-line argument parsing functions
o Paranoid::Data: Misc. data manipulation functions
o Paranoid::Data::AVLTree: AVL-Balanced Tree Class
o Paranoid::Data::AVLTree::AVLNode: AVL-Balanced Tree Node Class
o Paranoid::Debug: Command-line debugging framework and functions
o Paranoid::Filesystem: Filesystem operation functions
o Paranoid::Glob: Paranoid Glob objects
o Paranoid::IO: File I/O wrappers for sysopen, etc.
o Paranoid::IO::FileMultiplexer: File Multiplexer Object
o Paranoid::IO::FileMultiplexer::Block: Block-level Allocator/Accessor
o Paranoid::IO::FileMultiplexer::Block::BATHeader: BAT Header Block
o Paranoid::IO::FileMultiplexer::Block::FileHeader: File Header Block
o Paranoid::IO::FileMultiplexer::Block::StreamHeader: Stream Header Block
o Paranoid::IO::Line: I/O functions for working with line-based files
o Paranoid::IO::Lockfile: I/O functions for working with lock files
o Paranoid::Input: Input-related functions (file reading, detainting)
o Paranoid::Log: Unified logging framework and functions
o Paranoid::Log::Buffer: Buffered-based logging mechanism
o Paranoid::Log::File: File-based logging mechanism
o Paranoid::Module: Run-time module loading functions
o Paranoid::Network: Network-related functions
o Paranoid::Network::IPv4: General IPv4-related functions
o Paranoid::Network::IPv6: General IPv6-related functions
o Paranoid::Network::Socket: Wrapper module for Socket & Socket6
o Paranoid::Process: Process management functions
Subroutines/Methods
psecureEnv
psecureEnv("/bin:/usr/bin");
This function deletes some of the dangerous environment variables that can be used to subvert perl when
being run in setuid applications. It also sets the path, either to the passed argument (if passed) or a
default of "/bin:/sbin:/usr/bin:/usr/sbin".
NOTE: I did explicitly exclude /usr/local directories from the default path for the following reason:
/usr/local is often used by admins to stash random scripts and programs which may not have undergone any
serious scrutiny and review for security issues. Only the base OS directories are presumed as safe, and
even that may be stretching the truth as it is. You can override the defaults as desired.
Paranoid::ERROR
$errMsg = Paranoid::ERROR;
Paranoid::ERROR = $errMsg;
This lvalue function is not exported and must be referenced via the Paranoid namespace.
PTRUE_ZERO
This is a constant that evaluates to '0 but true', which allows 0 to be passed for boolean true use-
cases.
Synopsis
use Paranoid;
$errMsg = Paranoid::ERROR;
psecureEnv("/bin:/usr/bin");
sub foo {
# this function can return '0' as a valid return value
# that should be construed as a boolean true value
return PTRUE_ZERO;
}
Taint Notes
Taint-mode programming can be somewhat of an adventure until you know all the places considered dangerous
under perl's taint mode. The following functions should generally have their arguments detainted before
using:
exec system open glob
unlink mkdir chdir rmdir
chown chmod umask utime
link symlink kill eval
truncate ioctl fcntl chroot
setpgrp setpriority syscall socket
socketpair bind connect
Version
$Id: lib/Paranoid.pm, 2.10 2022/03/08 00:01:04 acorliss Exp $
PNG Icons
