Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl Monk, Perl Meditation
 
PerlMonks  

comment on

( [id://3333]=superdoc: print w/replies, xml ) Need Help??
BEGIN and use are each run immediately upon sight. Looking at the TinyWiki code I linked from my initial reply, you'll see the "use ops" strategically located - before it are subs defined that I want to provide priviledged fascilities and have input validation built in. Beyond it is code that doesn't require priviledge and things that result in evals, including evals of code in pages. To generalize, put the use ops line before unsane things. If someone can insert a BEGIN block with arbitrary contents into the code, then they could just delete the use ops line, too, couldn't they? Doing use ops then requiring another file, or using another file on a subsequent line is safe. Of course the main code would be seperate from sandboxed code. The priviledged conde contains the sandboxed code - not vice versa. Look no further than the Safe manual page for examples.

But this is far afield - the original question was whether or not Safe "thwarts" attacks. I'm not even talking about Safe.pm here. I only mentioned ops.pm because my experience is with it and I had a few footnotes to offer on it, but even with the additional safety afforded, I wanted to point out to the original author that it wasn't the correct idiom. The additional safety was too complex to implement, not completely trust-worthy, and there are better ways to do what he wants to do.

-scott

In reply to Re: Re: Re^2: use Safe ; Any Thwarted Attacks? by scrottie
in thread use Safe ; Any Thwarted Attacks? by ptkdb

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.
Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others meditating upon the Monastery: (3)
As of 2024-06-19 17:56 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found

    Notices?
    erzuuli‥ 🛈The London Perl and Raku Workshop takes place on 26th Oct 2024. If your company depends on Perl, please consider sponsoring and/or attending.