Perl Security

Perl, Tutorial
Location: Portland 255
Level: Intermediate
Average rating: 4.45 (40 ratings)

Perl is used for an incredibly wide range of tasks, from system administration and airport boarding passes to web sites and interfacing with virtual worlds. However, as with many languages, developers are often unaware of the security pitfalls that may exist, or know that “security is important” but do not know what to do about it.

In this tutorial, we will cover:

  • Perl’s in-built tainting mechanism, how to use it, and what it does and does not protect you against.
  • How to work with files on multitasking, multiuser operating systems. How to avoid symlink attacks, race conditions, and information disclosure.
  • How to safely execute system commands. How to avoid the shell and handle shell meta-characters.
  • How to safely manipulate Unix privileges in Perl for scripts running setuid/setgid, or with other elevated privileges.
  • How to use Safe compartments and other sandboxing techniques to restrict the operations that Perl is permitted to perform, and to audit data passing between compartments in our system.
  • How to operate safely with databases. How taint interacts with Perl’s DBI module. How to recognise and avoid SQL injection attacks.
  • Unexpected interactions between Perl and C. How to safely clean up filesystem paths. How using some of Perl’s inbuilt functions may have unexpected results.

Attendees will finish this tutorial with an improved knowledge of Perl’s unique security features and pitfalls, and the skills needed to identify these in their own code and that of others.

Paul Fenwick

Perl Training Australia

Paul Fenwick is the managing director of Perl Training Australia, and has been teaching computer science for over a decade. He is a regular presenter at conferences and user groups throughout Australia, where he is well known for his humour and off-beat topics.

OSCON 2008