BEGIN and use are each run immediately upon sight. Looking at the TinyWiki code I linked from my initial reply, you'll see the "use ops" strategically located - before it are subs defined that I want to provide privileged facilities and have input validation built in. Beyond it is code that doesn't require privilege and things that result in evals, including evals of code in pages. To generalize, put the use ops line before unsane things. If someone can insert a BEGIN block with arbitrary contents into the code, then they could just delete the use ops line, too, couldn't they? Doing use ops then requiring another file, or using another file on a subsequent line is safe. Of course the main code would be separate from sandboxed code. The privileged code contains the sandboxed code - not vice versa. Look no further than the Safe manual page for examples.

But this is far afield - the original question was whether or not Safe "thwarts" attacks. I'm not even talking about Safe.pm here. I only mentioned ops.pm because my experience is with it and I had a few footnotes to offer on it, but even with the additional safety afforded, I wanted to point out to the original author that it wasn't the correct idiom. The additional safety was too complex to implement, not completely trustworthy, and there are better ways to do what he wants to do.

-scott

In reply to Re: Re: Re^2: use Safe ; Any Thwarted Attacks? by scrottie
in thread use Safe ; Any Thwarted Attacks? by ptkdb
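
An added illustration of the ordering described in the post above (not code from the post or from TinyWiki): a privileged sub with built-in input validation is compiled first, then `no ops` masks the dangerous opcodes for everything compiled afterwards, including string evals. The sub name `show_page` and the sample page code are hypothetical and constructed for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Privileged facility, compiled BEFORE the opcode mask is installed.
# It is allowed to use system(); its input validation is the only gate.
sub show_page {
    my ($name) = @_;
    die "invalid page name\n"
        unless defined $name && $name =~ /\A\w{1,32}\z/;
    # List-form system(): no shell involved. $^X (the running perl) is a
    # stand-in for whatever command the real facility would run.
    return system($^X, '-e', 'print "page: $ARGV[0]\n"', $name) == 0;
}

# From this line on the compiler refuses to emit these ops. The mask is
# global and can only be added to, never lifted, so it also covers files
# required later and every string eval below.
no ops qw(system exec backtick fork);

# Constructed sample "page code", standing in for untrusted input.
my @samples = (
    q{ show_page('HomePage') },      # allowed: goes through the validated sub
    q{ show_page('../secret') },     # refused by the sub's own validation
    q{ system('id') },               # refused at compile time by the mask
    q{ BEGIN { system('id') } 1 },   # BEGIN is compiled under the mask too
);

for my $code (@samples) {
    my $ok = eval $code;
    if (defined $ok) {
        print "ran:     $code\n";
    }
    else {
        # Keep only the first line of the error for a compact report.
        my ($why) = split /\n/, $@;
        print "blocked: $code\n         ($why)\n";
    }
}
```

The third and fourth samples fail while being compiled, with a "trapped by operation mask" error, which is why the order of the sub definitions and the `no ops` line matters.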