NAME

Filesys::Restrict - Restrict filesystem access

SYNOPSIS

{
    my $check = Filesys::Restrict::create(
        sub {
            my ($op, $path) = @_;

            return 1 if $path =~ m<^/safe/place/>;

            # Deny access to anything else:
            return 0;
        },
    );

    # In this block, most Perl code will throw if it tries
    # to access anything outside of /safe/place.
}

# No more filesystem checks here.

DESCRIPTION

This module is a reasonable-best-effort at preventing Perl code from accessing files you don’t want to allow. One potential application of this is to restrict filesystem access to /tmp in tests.

THIS IS NOT A SECURITY TOOL!

This module cannot prevent all unintended filesystem access. The following are some known ways to circumvent it:

Use XS modules (e.g., POSIX).
Use one of open()’s more esoteric forms. This module tries to parse typical open() arguments but doesn’t “bend over backward”. The 2- and 3-argument forms are assumed to be valid if there’s an unrecognized format, and we ignore the 1-argument form entirely.
Call system(), do(), or require().

We could actually restrict do() and require(). These, though, are a bit different from other built-ins because they don’t facilitate reading arbitrary data off the filesystem; rather, they’re narrowly-scoped to bringing in additional Perl code.

If you have a use case where it’s useful to restrict these, file a feature request.

FUNCTIONS

$obj = create( sub { .. } )

Creates an opaque object that installs an access-control callback. Any existing access-control callback is saved and restored whenever $obj is DESTROYed.

The access-control callback is called with two arguments:

The name of the Perl op that requests filesystem access. The names come from PL_op_desc in Perl’s opcode.h header file; they should correlate to the actual built-in called.
The filesystem path in question.

The callback can end in one of three ways:

Return truthy to confirm access to the path.
Return falsy to cause a Filesys::Restrict::X::Forbidden instance to be thrown.
Throw a custom exception.

LICENSE & COPYRIGHT

This library is licensed under the same terms as Perl itself. See perlartistic.

This library was originally a research project at cPanel, L.L.C..

To install Filesys::Restrict, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Filesys::Restrict

CPAN shell

perl -MCPAN -e shell
install Filesys::Restrict

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)