laziness, impatience, and hubris | |
PerlMonks |
comment on |
( [id://3333]=superdoc: print w/replies, xml ) | Need Help?? |
I'll preface my remarks by noting that I'm not an expert on Safe.pm nor mod_perl, so don't be too surprised if I'm mistaken on some points. If you store anything in global variables (such as a database module that stores the database connection in a package global), then those can be accessed under such a scheme. Since you are using mod_perl, this becomes rather likely as file-scoped lexicals don't play well with mod_perl and that leads to using package globals. I wonder if this setup prevents the use of things like Win32::TieRegistry and Win32API::File which would let your users do all sorts of system damage if on Win32 but that don't use things like open that Safe.pm would know to lock up. There may be other similar modules such that non-Win32 system would be similarly vulnerable. I also suggest you search for information on the current state of the art of Safe.pm. I vaguely recall people finding ways around its protections. - tye (but my friends call me "Tye")In reply to (tye)Re: Safe module security and emebeded perl
by tye
|
|