- "A security hole has been discovered in Safe.pm. When a Safe compartment
- has already been used, there's no guarantee that it's safe any longer,
- because there's a way for code executed within the Safe compartment to
- alter its operation mask. (Thus, programs that use a Safe compartment
- only once aren't affected by this bug.)"
- --- ext/Opcode/Safe.pm.orig
- +++ ext/Opcode/Safe.pm
- @@ -213,7 +213,7 @@
- # Create anon sub ref in root of compartment.
- # Uses a closure (on $expr) to pass in the code to be executed.
- # (eval on one line to keep line numbers as expected by caller)
- - my $evalcode = sprintf('package %s; sub { eval $expr; }', $root);
- + my $evalcode = sprintf('package %s; sub { @_ = (); eval $expr; }', $root);
- my $evalsub;
-
- if ($strict) { use strict; $evalsub = eval $evalcode; }
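Review bot: The added `@_ = ();` in the generated wrapper on the `$evalcode` line has no comment, and the three comment lines above it describe only the closure and the one-line layout, so a later cleanup could drop it as a no-op. Presumably the wrapper's `@_` would otherwise still alias the arguments of the call that runs it, which would be the path by which compartment code reaches the operation mask described in the advisory text. A fourth comment line such as `# Clear @_ first so code in the compartment cannot reach the caller's arguments (incl. the op mask).` would record that. The same applies to the `do $file` wrapper in the second hunk; the enclosing sub starts and ends outside this hunk.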
- @@ -227,7 +227,7 @@
- my $root = $obj->{Root};
-
- my $evalsub = eval
- - sprintf('package %s; sub { do $file }', $root);
- + sprintf('package %s; sub { @_ = (); do $file }', $root);
- return Opcode::_safe_call_sv($root, $obj->{Mask}, $evalsub);
- }
-
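Review bot: The call `Opcode::_safe_call_sv($root, $obj->{Mask}, $evalsub)` still passes the compartment's stored mask itself, so the protection rests entirely on every generated wrapper remembering to clear `@_`. If `_safe_call_sv` only reads the mask (not visible here, to be confirmed), passing a copy would keep the stored mask intact even if a future wrapper omits the clear: `my $mask = $obj->{Mask};` followed by `return Opcode::_safe_call_sv($root, $mask, $evalsub);`. A regression test that runs code in one compartment twice and checks that the stored mask is unchanged after the first run would guard both wrappers. The sub's opening lines are outside this hunk.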