develooper Front page | perl.perl5.porters | Postings from May 2013

Re: Safe 2.35 localizing %SIG

Thread Previous | Thread Next
David Cantrell
May 22, 2013 21:30
Re: Safe 2.35 localizing %SIG
Message ID:
On Wed, May 22, 2013 at 11:48:39AM +0200, Rafael Garcia-Suarez wrote:
> On 22 May 2013 01:15, David Cantrell <> wrote:
> > I've been bitten by the localizing of %SIG in the latest  I'm
> > using a SIG ALRM to have execution of the Safe compartment time out:
> >
> > and this no longer works.  I can see why locally undefing %SIG is probably a
> > good idea, but it would be Really Good if there was a way of controlling
> > this so that I could specify that I want to be able to handle particular
> > signals.
> I have a working exploit against earlier safes that uses SIGCHLD to
> execute untrusted code, but it can be adapted to use any other signal.
> I can send it to you if you're interested.

I believe you!

I've just spent an unproductive couple of hours trying to patch
to allow me to give it a list of signals that I want to leave working
anyway regardless of the potential problems, but couldn't figure out a
clean way of getting them through the evals. Ah well, I'll just have to
find another way of getting my timeout to work.
David Cantrell | semi-evolved ape-thing

    The Law of Daves: in any gathering of technical people, the
    number of Daves will be greater than the number of women.

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About