How safe is Safe.pm?
Recently, deciding to do some improvements to RegexLab, I decided Safe be best employed, so I did a quick search on perlmonks and came accross
How to use LWP::Simpe inside a safe compartment? (unresolved - probably need to permit some network opcodes)
use Safe and CGI; (a nice little demo)
The proper use of Safe(lesson: lexicals ain't globals)
How Safe is Safe::? (warranty discussion - not related)
Known security issues with Safe.pm? is right on topic, but there is no answer ( and my question is more to the comments of ask ).
Mileage with safe, Perl sandbox,
Safe / @ISA Problem
Now I come accross Safe.pm is not safe
in which ask says
By returning the right values from the safe compartment it's quite possibly to "break out" of it.
and someone in the cb said the same thing (Safe isn't truly safe), so can somebody explain to me why/how?
Code examples work best.
I am aware of Safe::Hole. I did search perlmonks for previous discussion ask mentions that discuss the insecurity of Safe.pm, but turned up nothing.
Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
Read Where should I post X? if you're not absolutely sure you're posting in the right place.
Please read these before you post! —
Posts may use any of the Perl Monks Approved HTML tags:
You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
- a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
Link using PerlMonks shortcuts! What shortcuts can I use for linking?
See Writeup Formatting Tips and other pages linked from there for more info.
| & || & |
| < || < |
| > || > |
| [ || [ |
| ] || ] ||