view release on metacpan or  search on metacpan

lib/Secure/File.pm  view on Meta::CPAN

#!/usr/bin/perl -w
#Copyright 1998-2001, Randall Maas.  All rights reserved.  This program is free
#software; you can redistribute it and/or modify it under the same terms as
#PERL itself.

=head1 NAME

C<Secure::File> -- A module to open or create files within suid/sgid files

=head1 SYNOPSIS

    use Secure::File;
    my $SF = new Secure::File;
    $SF->open();

    my $NF = new Secure::File, 'myfile';


=head1 DESCRIPTION

C<open>  This checks that both the effective and real  user / group ids have
sufficient permissions to use the specified file.  (Standard C<open> calls only
check the effective ids).  C<Secure::File> also checks that the file we
open, really is the same file we checked ids on.

If the file already exists, C<open> will fail.

=head1 WARNING <==============================================================>

B<DO NOT TRUST THIS MODULE>.  Every effort has been made to make this module
useful, but it can not make a secure system out of an insecure one.  It can not
read the programers mind.  

=head1 Author

Randall Maas (L<mailto:randym@acm.org>, L<http://www.hamline.edu/~rcmaas/>)

=cut


package Secure::File;
use IO::File;
use Carp;
@ISA=qw(IO::File);
1;

sub new
{
   my $self=shift;

   #Call the parent class new; we basically use IO::File's create
   my $class=ref($self) || $self || "IO::File";
   my $R = $class->SUPER::new();

   #If it doesn't work, we give up and return to the caller.
   return unless defined $R;

   #If the caller passed some open() parameters, we will need to open the
   #file as well
   if (@_)
   {
      return unless $R->open(@_);
   }
   return $R;
}

sub open
{