develooper Front page | perl.perl5.porters | Postings from October 2002

Re: [perl #17744] Security-Hole in module

Thread Previous
Rafael Garcia-Suarez
October 4, 2002 13:40
Re: [perl #17744] Security-Hole in module
Message ID:
Benjamin Goldberg wrote:
> Andreas Jurenda (via RT) wrote:
> [snip]
> >     my $temp_mask = $obj->{Mask};
> >     # JURENDA: put opmask in temporary scalar
> >     return Opcode::_safe_call_sv($root, $temp_mask, $evalsub);
> >     # JURENDA: call with this temp var
> Personally, I would prefer that we should prevent user code from even
> *trying* to alter these...
>     return Opcode::_safe_call_sv("$root", "$obj->{Mask}", $evalsub);
> This way, trying to change $_[1] in the evaled sub produces death due to
> modification of read-only scalar.

This won't produce death. _safe_call_sv executes the closure in
the caller's context, i.e. in _safe_call_sv context (hence the access of
the closure to its parent @_).

Your proposed fix is equivalent to Andreas' one : it prevents that
changing the 2nd slot of @_ also replaces also the $obj->{Mask}
it's aliased to. Just like with any normal subroutine call ;-

My preferred fix would be to empty @_ in the closure before eval'ing
the code.

Thread Previous Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About