Re: [perl #17744] Security-Hole in module Safe.pm

Andreas Jurenda (via RT) wrote:
[snip]
>     my $temp_mask = $obj->{Mask};
>     # JURENDA: put opmask in temporary scalar
>     return Opcode::_safe_call_sv($root, $temp_mask, $evalsub);
>     # JURENDA: call with this temp var

Personally, I would prefer that we should prevent user code from even
*trying* to alter these...

    return Opcode::_safe_call_sv("$root", "$obj->{Mask}", $evalsub);

This way, trying to change $_[1] in the evaled sub produces death due to
modification of read-only scalar.


-- 
How many Monks would a Chipmonk chip,
if a Chipmonk could chip Monks?

• [perl #17744] Security-Hole in module Safe.pm by Andreas Jurenda
• Re: [perl #17744] Security-Hole in module Safe.pm by Rafael Garcia-Suarez
• Re: [perl #17744] Security-Hole in module Safe.pm by Rafael Garcia-Suarez
• Re: [perl #17744] Security-Hole in module Safe.pm by Arthur Bergman
• Re: [perl #17744] Security-Hole in module Safe.pm by Rafael Garcia-Suarez
• Re: [perl #17744] Security-Hole in module Safe.pm by Arthur Bergman
• Re: [perl #17744] Security-Hole in module Safe.pm by Arthur Bergman
• Re: [perl #17744] Security-Hole in module Safe.pm by Benjamin Goldberg
• Re: [perl #17744] Security-Hole in module Safe.pm by Rafael Garcia-Suarez