You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Igor Chudov <ic...@yahoo.com> on 2005/05/11 06:43:40 UTC

limiting subroutine run time

I am working on a system on algebra.com where anyone
could define a math solver for a particular kind of
problem. It could be defined either via a custom
markup language (not interesting), or as a perl
script.

These user submitted perl scripts will be executed
inside Safe.pm compartment. I hope that they will be
secure enough.

My question is, is there some way to limit execution
time of a subroutine? I would not want those scripts
to run for more than a second CPU time.

i

- Igor



		
Yahoo! Mail
Stay connected, organized, and protected. Take the tour:
http://tour.mail.yahoo.com/mailtour.html

Re: limiting subroutine run time

Posted by Igor Chudov <ic...@yahoo.com>.
--- Stas Bekman <st...@stason.org> wrote:

> 
> > Thanks. I will try using alarm also.
> 
> Though, be aware of the issues with signals in
> recent perls and 
> specifically with Apache2.
>
http://perl.apache.org/docs/2.0/user/coding/coding.html#Using_Signal_Handlers

Thank you Stas. I disabled multithreading in Apache
and  use forked processes only. I may revisit this
decision at some point, though, but for now, no
multithreading for me. My perl is not compiled with
multithreading support either.


igor

- Igor


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

Re: limiting subroutine run time

Posted by Stas Bekman <st...@stason.org>.
> Thanks. I will try using alarm also.

Though, be aware of the issues with signals in recent perls and 
specifically with Apache2.
http://perl.apache.org/docs/2.0/user/coding/coding.html#Using_Signal_Handlers

-- 
__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

Re: limiting subroutine run time

Posted by Stas Bekman <st...@stason.org>.
Igor Chudov wrote:
> --- Perrin Harkins <pe...@elem.com> wrote:
> 
> 
>>On Wed, 2005-05-11 at 07:57 -0700, Igor Chudov
>>wrote:
>>
>>>Can you be a little more specific? Are you talking
>>>about damage such as abuse of resources, or are
>>
>>you
>>
>>>talking about gaining unauthorized privileges?
>>
>>Possibly both.  The thing is, no one uses Safe. 
>>Since no one uses it,
>>you can't count on it to be thoroughly debugged. 
>>Much more discussion
>>on it is here:
>>http://perlmonks.org/index.pl?node_id=430804
> 
> 
> Thanks Perrin. The ability of tutors to define perl
> scripts is valuable, so I will dig more in this
> direction, being mindful of Safe.pm vulnerabilities.
> The main vulnerabilities of Safe that I have seen
> mentioned personally, are related to use of bless and
> tie, and therefore I disabled those opcodes. I
> appreciate your input and I will treat safe.pm with
> great caution.

What's sure is that you want to run your server in a jail/chroot 
environment if you plan to run untrusted code. google for more information 
on this topic. There is some information on this topic in the "Practical 
mod_perl" book:
http://www.google.ca/search?as_q=jail&num=10&hl=en&btnG=Google+Search&as_epq=&as_oq=&as_eq=&lr=&as_ft=i&as_filetype=&as_qdr=all&as_occt=any&as_dt=i&as_sitesearch=modperlbook.org&safe=off

-- 
__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

Re: limiting subroutine run time

Posted by Igor Chudov <ic...@yahoo.com>.
--- Perrin Harkins <pe...@elem.com> wrote:

> On Wed, 2005-05-11 at 07:57 -0700, Igor Chudov
> wrote:
> > Can you be a little more specific? Are you talking
> > about damage such as abuse of resources, or are
> you
> > talking about gaining unauthorized privileges?
> 
> Possibly both.  The thing is, no one uses Safe. 
> Since no one uses it,
> you can't count on it to be thoroughly debugged. 
> Much more discussion
> on it is here:
> http://perlmonks.org/index.pl?node_id=430804

Thanks Perrin. The ability of tutors to define perl
scripts is valuable, so I will dig more in this
direction, being mindful of Safe.pm vulnerabilities.
The main vulnerabilities of Safe that I have seen
mentioned personally, are related to use of bless and
tie, and therefore I disabled those opcodes. I
appreciate your input and I will treat safe.pm with
great caution.

i

- Igor


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

Re: limiting subroutine run time

Posted by Perrin Harkins <pe...@elem.com>.
On Wed, 2005-05-11 at 07:57 -0700, Igor Chudov wrote:
> Can you be a little more specific? Are you talking
> about damage such as abuse of resources, or are you
> talking about gaining unauthorized privileges?

Possibly both.  The thing is, no one uses Safe.  Since no one uses it,
you can't count on it to be thoroughly debugged.  Much more discussion
on it is here:
http://perlmonks.org/index.pl?node_id=430804

- Perrin

Re: limiting subroutine run time

Posted by Igor Chudov <ic...@yahoo.com>.
--- Perrin Harkins <pe...@elem.com> wrote:

> On Tue, 2005-05-10 at 21:43 -0700, Igor Chudov
> wrote:
> > These user submitted perl scripts will be executed
> > inside Safe.pm compartment. I hope that they will
> be
> > secure enough.
> 
> It won't be, if someone is determined to damage your
> system.

Can you be a little more specific? Are you talking
about damage such as abuse of resources, or are you
talking about gaining unauthorized privileges?

 
> > My question is, is there some way to limit
> execution
> > time of a subroutine?
> 
> You can use Apache::Resource to set limits on CPU. 
> It will kill the
> process if it goes over, but this is probably for
> the best.

Thanks. I will try using alarm also.
i

- Igor



		
__________________________________ 
Do you Yahoo!? 
Yahoo! Mail - Helps protect you from nasty viruses. 
http://promotions.yahoo.com/new_mail

Re: limiting subroutine run time

Posted by Perrin Harkins <pe...@elem.com>.
On Tue, 2005-05-10 at 21:43 -0700, Igor Chudov wrote:
> These user submitted perl scripts will be executed
> inside Safe.pm compartment. I hope that they will be
> secure enough.

It won't be, if someone is determined to damage your system.

> My question is, is there some way to limit execution
> time of a subroutine?

You can use Apache::Resource to set limits on CPU.  It will kill the
process if it goes over, but this is probably for the best.

- Perrin

Re: limiting subroutine run time

Posted by Enno <bu...@xs4all.nl>.
This is not mod_perl related, but take a look at:

perldoc -f alarm



On Tue, 10 May 2005, Igor Chudov wrote:

> I am working on a system on algebra.com where anyone
> could define a math solver for a particular kind of
> problem. It could be defined either via a custom
> markup language (not interesting), or as a perl
> script.
>
> These user submitted perl scripts will be executed
> inside Safe.pm compartment. I hope that they will be
> secure enough.
>
> My question is, is there some way to limit execution
> time of a subroutine? I would not want those scripts
> to run for more than a second CPU time.
>
> i
>
> - Igor
>
>
>
>
> Yahoo! Mail
> Stay connected, organized, and protected. Take the tour:
> http://tour.mail.yahoo.com/mailtour.html
>
>