develooper Front page | perl.perl5.porters | Postings from October 2002

Re: [perl #17744] Security-Hole in module

Thread Previous | Thread Next
Benjamin Goldberg
October 4, 2002 10:18
Re: [perl #17744] Security-Hole in module
Message ID:
Andreas Jurenda (via RT) wrote:
>     my $temp_mask = $obj->{Mask};
>     # JURENDA: put opmask in temporary scalar
>     return Opcode::_safe_call_sv($root, $temp_mask, $evalsub);
>     # JURENDA: call with this temp var

Personally, I would prefer that we should prevent user code from even
*trying* to alter these...

    return Opcode::_safe_call_sv("$root", "$obj->{Mask}", $evalsub);

This way, trying to change $_[1] in the evaled sub produces death due to
modification of read-only scalar.

How many Monks would a Chipmonk chip,
if a Chipmonk could chip Monks?

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About