This file is indexed.

/usr/share/perl5/Paranoid.pm is in libparanoid-perl 0.31-1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
# Paranoid -- Paranoia support for safer programs
#
# (c) 2005, Arthur Corliss <corliss@digitalmages.com>
#
# $Id: Paranoid.pm,v 0.31 2011/12/08 07:36:31 acorliss Exp $
#
#    This software is licensed under the same terms as Perl, itself.
#    Please see http://dev.perl.org/licenses/ for more information.
#
#####################################################################

#####################################################################
#
# Environment definitions
#
#####################################################################

package Paranoid;

use 5.006;

use strict;
use warnings;
use vars qw($VERSION @EXPORT @EXPORT_OK %EXPORT_TAGS);
use base qw(Exporter);

($VERSION) = ( q$Revision: 0.31 $ =~ /(\d+(?:\.(\d+))+)/sm );

@EXPORT      = qw(psecureEnv);
@EXPORT_OK   = qw(psecureEnv);
%EXPORT_TAGS = ( all => [qw(psecureEnv)], );

#####################################################################
#
# Module code follows
#
#####################################################################

#BEGIN {
#die "This module requires taint mode to be enabled!\n" unless
#  ${^TAINT} == 1;
#delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
#$ENV{PATH} = '/bin:/sbin:/usr/bin:/usr/sbin';
#no ops qw(backtick system exec);
#  :subprocess = system, backtick, exec, fork, glob
#  :dangerous = syscall, dump, chroot
#  :others = mostly IPC stuff
#  :filesys_write = link, unlink, rename, mkdir, rmdir, chmod,
#                   chown, fcntl
#  :sys_db = getpwnet, etc.
#}

sub psecureEnv (;$) {

    # Purpose:  To delete taint-unsafe environment variables and to sanitize
    #           the PATH variable
    # Returns:  True (1) -- no matter what
    # Usage:    psecureEnv();

    my $path = shift;

    $path = '/bin:/usr/bin' unless defined $path;

    delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
    $ENV{PATH} = $path;
    if ( exists $ENV{TERM} ) {
        if ( $ENV{TERM} =~ /^([\w\+\.\-]+)$/sm ) {
            $ENV{TERM} = $1;
        } else {
            $ENV{TERM} = 'vt100';
        }
    }

    return 1;
}

{
    my $errorMsg = '';

    sub ERROR : lvalue {

        # Purpose:  To store/retrieve a string error message
        # Returns:  Scalar string
        # Usage:    $errMsg = Paranoid::ERROR;
        # Usage:    Paranoid::ERROR = $errMsg;

        $errorMsg;
    }
}

1;

__END__

=head1 NAME

Paranoid - Paranoia support for safer programs

=head1 VERSION

$Id: Paranoid.pm,v 0.31 2011/12/08 07:36:31 acorliss Exp $

=head1 SYNOPSIS

  use Paranoid;

  $errMsg = Paranoid::ERROR;

  psecureEnv("/bin:/usr/bin");

=head1 DESCRIPTION

This collection of modules started out as modules which perform things
(debatably) in a safer and taint-safe manner.  Since then it's also grown to
include functionality that fit into the same framework and conventions of the
original modules, including keeping the debug hooks for command-line
debugging.

All the modules below are intended to be used directly in your programs if you
need the functionality they provide.

This module does provide one function meant to secure your environment 
enough to satisfy taint-enabled programs, and as a container which holds the 
last reported error from any code in the Paranoid framework.

=head1 SUBROUTINES/METHODS

=head2 psecureEnv

  psecureEnv("/bin:/usr/bin");

This function deletes some of the dangerous environment variables that can be
used to subvert perl when being run in setuid applications.  It also sets the
path, either to the passed argument (if passed) or a default of
"/bin:/usr/bin".

=head2 Paranoid::ERROR

  $errMsg = Paranoid::ERROR;
  Paranoid::ERROR = $errMsg;

This lvalue function is not exported and must be referenced via the 
B<Paranoid> namespace.

=head1 TAINT NOTES

Taint-mode programming can be somewhat of an adventure until you know all the
places considered dangerous under perl's taint mode.  The following functions
should generally have their arguments detainted before using:

  exec        system      open        glob
  unlink      mkdir       chdir       rmdir
  chown       chmod       umask       utime
  link        symlink     kill        eval
  truncate    ioctl       fcntl       chroot
  setpgrp     setpriority syscall     socket
  socketpair  bind        connect

=head1 DEPENDENCIES

While this module itself doesn't have any external dependencies various child
modules do.  Please check their documentation for any particulars should you
use them.

=head1 SEE ALSO

The following modules are available for use.  You should check their POD for
specifics on use:

=over

=item o

L<Paranoid::Args>: Command-line argument parsing functions

=item o

L<Paranoid::BerkeleyDB>: OO-oriented BerkelyDB access with concurrent access
capabilities

=item o

L<Paranoid::Data>: Misc. data manipulation functions

=item o

L<Paranoid::Debug>: Command-line debugging framework and functions

=item o

L<Paranoid::Filesystem>: Filesystem operation functions

=item o

L<Paranoid::Glob>: Paranoid Glob objects

=item o

L<Paranoid::Input>: Input-related functions (file reading, detainting)

=item o

L<Paranoid::Lockfile>: Lockfile support

=item o

L<Paranoid::Log>: Unified logging framework and functions

=item o

L<Paranoid::Module>: Run-time module loading functions

=item o

L<Paranoid::Network>: Network-related functions

=item o

L<Paranoid::Process>: Process management functions

=back

=head1 BUGS AND LIMITATIONS

If your application is sensitive to performance issues then you may
be better off not using these modules.  The primary focus was on security,
robustness, and diagnostics.  That said, there's probably a lot of room for
improvement on the performance front.

=head1 AUTHOR

Arthur Corliss (corliss@digitalmages.com)

=head1 LICENSE AND COPYRIGHT

This software is licensed under the same terms as Perl, itself. 
Please see http://dev.perl.org/licenses/ for more information.

(c) 2005, Arthur Corliss (corliss@digitalmages.com)