Security aware programming(14)

• Miscellaneous other stuff:

  • use minimal privileges wherever possible
  • check exit codes and act accordingly
  • be careful with error messages to untrusted users
  • %ENV cleaning before invoking commands:

• delete @ENV{qw(IFS CDPATH ENV BASH_ENV)} #bad

• %ENV = () # and add what's necessary/safe

  • %SIG: disable signals
  • system limits (CPU, file/process/mem size, etc.)