
Re: Vulnerabilities when editing untrusted code...

by BrowserUk (Pope)
on May 30, 2010 at 23:11 UTC ( #842305=note )


in reply to Vulnerabilities when editing untrusted code... (Komodo)

Use a sensible editor, instead of an operating system, to view and edit your source files. :)


Re^2: Vulnerabilities when editing untrusted code...
by LanX (Canon) on May 30, 2010 at 23:29 UTC
    I'm not using Komodo...

    Cheers Rolf

      Sorry. Beyond the name I've no knowledge of Komodo. I meant Emacs.

        Which demonstrates your vi-gnorance ... as I wrote Emacs doesn't have this problem.

        Cheers Rolf

Re^2: Vulnerabilities when editing untrusted code...
by rurban (Scribe) on Aug 09, 2010 at 14:34 UTC
    Every perl editor which tries to check for compile time errors and warnings (Komodo, Padre, emacs with flyspell using perl -c, vi?) needs to put use Safe upfront, and no Safe at the end of the BEGIN or the beginning of INIT.

    This cannot be done within Perl generally as users need to execute BEGIN blocks, just not in editors.

    The only remaining problem with Safe is then XS code, which might get executed at compile-time and cannot be checked for harm.

      Every perl editor which tries to check for compile time errors and warnings...

      Which is one reason I don't use such editors. It's like sticking your finger in a power socket to check if it's live.


      Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
      "Science is about questioning the status quo. Questioning authority".
      In the absence of evidence, opinion is indistinguishable from prejudice.
        It's like sticking your finger in a power socket to check if it's live.

        Or to see if there are any wires in it, bad idea all around (ouch)

      Hi Reini

      I'm not sure what you mean... the editor should parse the code for all occurrences of BEGIN, CHECK and UNITCHECK and wrap each block with "use Safe" and "no Safe"?

      Regarding the described problems with parsing for such blocks, I have no idea how to achieve this reliably without adding a hook to Perl's parser.

      Please see Intercepting compile time blocks like BEGIN {} for more detailed description of what I mean.

      Cheers Rolf
