Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl Monk, Perl Meditation

Re: Re^2: use Safe ; Any Thwarted Attacks?

by BUU (Prior)
on Nov 11, 2003 at 08:27 UTC ( [id://306120]=note: print w/replies, xml ) Need Help??

in reply to Re^2: use Safe ; Any Thwarted Attacks?
in thread use Safe ; Any Thwarted Attacks?

Question: Do either of these approaches deal with the BEGIN block bug? Which is where, if I'm not mistaken, the code in the BEGIN block is executed before the safe/ops module is loaded, thus rendering the entire thing pointless? Or is this not a bug any more?

And while I'm pondering, what about keeping the 'unsafe' code seperate from the main code, then run the main code then as a run-time directive 'require' the unsafe code, probably as something like SAFE{ do } or however safe blocks are actually implemented?

Replies are listed 'Best First'.
Re: Re: Re^2: use Safe ; Any Thwarted Attacks?
by scrottie (Scribe) on Nov 13, 2003 at 17:21 UTC
    BEGIN and use are each run immediately upon sight. Looking at the TinyWiki code I linked from my initial reply, you'll see the "use ops" strategically located - before it are subs defined that I want to provide priviledged fascilities and have input validation built in. Beyond it is code that doesn't require priviledge and things that result in evals, including evals of code in pages. To generalize, put the use ops line before unsane things. If someone can insert a BEGIN block with arbitrary contents into the code, then they could just delete the use ops line, too, couldn't they? Doing use ops then requiring another file, or using another file on a subsequent line is safe. Of course the main code would be seperate from sandboxed code. The priviledged conde contains the sandboxed code - not vice versa. Look no further than the Safe manual page for examples.

    But this is far afield - the original question was whether or not Safe "thwarts" attacks. I'm not even talking about here. I only mentioned because my experience is with it and I had a few footnotes to offer on it, but even with the additional safety afforded, I wanted to point out to the original author that it wasn't the correct idiom. The additional safety was too complex to implement, not completely trust-worthy, and there are better ways to do what he wants to do.


Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://306120]
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others wandering the Monastery: (6)
As of 2024-05-19 14:59 GMT
Find Nodes?
    Voting Booth?

    No recent polls found