http://www.perlmonks.org?node_id=1018267


in reply to Passing argument into STDIN inside safe.pm reval

You can insert your program's STDIN filehandle into the compartment like this:

use strict; use warnings; use 5.012; use Safe; if($ARGV[0]) { my $code = $ARGV[0]; my $compartment = Safe->new; my $namespace_name = $compartment->root(); { no strict; *{$namespace_name . "::STDIN"} = *main::STDIN; } $compartment->deny_only(qw(chdir)); #<----CHECK THIS*** $compartment->reval($code); if ($@) { print "Unsafe code detected: $@"; } } --output:-- $ $ perl 2.pl ' print "Enter some stdin: "; my $line = <STDIN>; print "From STDIN: $line"; ' Enter some stdin: hello From STDIN: hello

But I can't figure out how to permit_only() what is necessary for the line input operator(<$infile>) to work. I tried permit_only(qw{ print <> }), which produced the error:

Unknown operator prefix "<>"

And because perlop says:

<FILEHANDLE> may also be spelled readline(*FILEHANDLE). 

I tried permit_only(qw{ print readline }), but that produced this error:

Unsafe code detected: 'private value' trapped by operation mask at (ev +al 5) line 1. use strict; use warnings; use 5.012; use Safe; if($ARGV[0]) { my $code = $ARGV[0]; my $compartment = Safe->new; my $namespace_name = $compartment->root(); { no strict; *{$namespace_name . "::STDIN"} = *main::STDIN; } $compartment->permit_only(qw(print readline)); $compartment->reval($code); if ($@) { print "Unsafe code detected: $@"; } } --output:-- $ perl 2.pl ' print "Enter some stdin: "; my $line = readline *STDIN; print "From STDIN: $line"; ' Unsafe code detected: 'private value' trapped by operation mask at (ev +al 5) line 1.