perl.perl5.porters | Postings from May 2013

Re: Safe 2.35 localizing %SIG

Rafael Garcia-Suarez
May 22, 2013 09:48
On 22 May 2013 01:15, David Cantrell <> wrote:
> I've been bitten by the localizing of %SIG in the latest  I'm
> using a SIG ALRM to have execution of the Safe compartment time out:
> and this no longer works.  I can see why locally undefing %SIG is probably a
> good idea, but it would be Really Good if there was a way of controlling
> this so that I could specify that I want to be able to handle particular
> signals.

I have a working exploit against earlier safes that uses SIGCHLD to
execute untrusted code, but it can be adapted to use any other signal.
I can send it to you if you're interested.

> Other things: the documentation still warns about the risks of signals,
> without making clear what's going to happen; localizing $SIG and @SIG as
> well as %SIG is probably not what was intended; and finally, can anyone
> think of a clean, simple alternative that I can use for timing out a Safe
> compartment?

I localized *SIG to remove all magic from it. Localizing %SIG is not
enough (it does not fix the vulnerability).
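
An added example, not part of the original thread and not code from Safe or its maintainers: one way to time out a compartment without installing any signal handler in the process that runs the untrusted code. The compartment runs in a forked child and the parent enforces the limit; `reval_with_timeout` is a hypothetical helper name, and the two sample inputs are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Safe;
use POSIX ();

# Run $code in a Safe compartment inside a child process. The ALRM handler
# lives only in the parent, which never evaluates untrusted code.
sub reval_with_timeout {
    my ($code, $seconds) = @_;
    pipe(my $reader, my $writer) or die "pipe: $!";
    my $pid = fork();
    die "fork: $!" unless defined $pid;

    if ($pid == 0) {                      # child: evaluates the untrusted code
        close $reader;
        my $result = Safe->new->reval($code);
        print {$writer} defined $result ? "ok:$result" : "err:" . ($@ // '');
        close $writer;                    # flush before the hard exit
        POSIX::_exit(0);                  # skip END blocks and destructors
    }

    close $writer;                        # parent: wait for a result or the alarm
    my $output = '';
    my $ok = eval {
        local $SIG{ALRM} = sub { die "timeout\n" };
        local $/;                         # slurp the whole (stringified) result
        alarm $seconds;
        $output = <$reader> // '';
        alarm 0;
        1;
    };
    my $err = $ok ? undef : $@;
    alarm 0;
    kill 'KILL', $pid unless $ok;         # the child cannot trap or ignore SIGKILL
    waitpid $pid, 0;                      # always reap the child
    close $reader;
    die $err if defined $err && $err ne "timeout\n";
    return defined $err ? (undef, 'timeout') : ($output, undef);
}

# Constructed sample inputs: one that returns, one that never finishes.
for my $code ('6 * 7', '1 while 1') {
    my ($out, $err) = reval_with_timeout($code, 2);
    print "$code => ", defined $err ? "[$err]" : $out, "\n";
}
```

The result crosses the pipe as a string, so anything structured returned by the compartment has to be serialized in the child and parsed as untrusted data in the parent.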
