"A security hole has been discovered in Safe.pm. When a Safe compartment
has already been used, there's no guarantee that it's safe any longer,
because there's a way for code executed within the Safe compartment to
alter its operation mask. (Thus, programs that use a Safe compartment
only once aren't affected by this bug.)"
--- ext/Opcode/Safe.pm.orig
+++ ext/Opcode/Safe.pm
@@ -213,7 +213,7 @@
# Create anon sub ref in root of compartment.
# Uses a closure (on $expr) to pass in the code to be executed.
# (eval on one line to keep line numbers as expected by caller)
- my $evalcode = sprintf('package %s; sub { eval $expr; }', $root);
+ my $evalcode = sprintf('package %s; sub { @_ = (); eval $expr; }', $root);
my $evalsub;
if ($strict) { use strict; $evalsub = eval $evalcode; }
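Review bot: The comment block above the changed `$evalcode` line does not say why `@_ = ();` now opens the generated sub, so the one statement that carries the fix can look like leftover noise and be dropped in a later cleanup. Add a comment line next to "(eval on one line to keep line numbers as expected by caller)" stating that @_ is emptied before `eval $expr` so that code run in the compartment starts with no arguments visible to it, and that the statement has to stay on the same line as the eval for the line-number reason already given.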
@@ -227,7 +227,7 @@
my $root = $obj->{Root};
my $evalsub = eval
- sprintf('package %s; sub { do $file }', $root);
+ sprintf('package %s; sub { @_ = (); do $file }', $root);
return Opcode::_safe_call_sv($root, $obj->{Mask}, $evalsub);
}
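Review bot: The `sub { @_ = (); do $file }` line repeats the `@_ = ();` prologue from the `eval $expr` wrapper as a second hand-written string, and unlike that wrapper it has no comment at all, so a wrapper added later can easily miss it. Consider building both generated subs from one shared prologue string, and add a regression test that runs code in the same compartment twice and checks that the second run is still bound by the `$obj->{Mask}` passed to `Opcode::_safe_call_sv`; the patch as shown touches only ext/Opcode/Safe.pm.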