"A security hole has been discovered in Safe.pm. When a Safe compartment
has already been used, there's no guarantee that it's safe any longer,
because there's a way for code executed within the Safe compartment to
alter its operation mask. (Thus, programs that use a Safe compartment
only once aren't affected by this bug.)"

--- ext/Opcode/Safe.pm.orig
+++ ext/Opcode/Safe.pm
@@ -213,7 +213,7 @@
     # Create anon sub ref in root of compartment.
     # Uses a closure (on $expr) to pass in the code to be executed.
     # (eval on one line to keep line numbers as expected by caller)
-	my $evalcode = sprintf('package %s; sub { eval $expr; }', $root);
+	my $evalcode = sprintf('package %s; sub { @_ = (); eval $expr; }', $root);
     my $evalsub;
 
 	if ($strict) { use strict; $evalsub = eval $evalcode; }
@@ -227,7 +227,7 @@
     my $root = $obj->{Root};
 
     my $evalsub = eval
-	    sprintf('package %s; sub { do $file }', $root);
+	    sprintf('package %s; sub { @_ = (); do $file }', $root);
     return Opcode::_safe_call_sv($root, $obj->{Mask}, $evalsub);
 }