Path: usenet.cis.ufl.edu!usenet.eel.ufl.edu!news.uoregon.edu!psgrain!nntp.teleport.com!usenet
From: [email protected] (Malcolm Beattie)
Newsgroups: comp.lang.perl.announce,comp.lang.perl.misc
Subject: Safe extension beta2 (security bug-fix)
Followup-To: comp.lang.perl.misc
Date: 1 Sep 1995 03:08:09 GMT
Organization: Oxford University, England
Lines: 17
Approved: [email protected] (comp.lang.perl.announce)
Message-ID: <[email protected]>
NNTP-Posting-Host: linda.teleport.com
X-Disclaimer: The "Approved" header verifies header information for article transmission and does not imply approval of content.
Xref: usenet.cis.ufl.edu comp.lang.perl.announce:114 comp.lang.perl.misc:5241

I've found a slight security hole in the beta1 release of the Safe
extension which potentially allows code evaluated in a Safe
compartment limited access to some code outside the compartment.
A bug-fixed release is available as
   ftp://ftp.ox.ac.uk/pub/perl/Safe-b2.tar.gz
The whole thing is only 17K so it's not worth making a patch kit.

A one-line fix is also included which corrects the way $_ and @_ are
shared with compartments which use "package Foo" to switch packages.

--Malcolm

--
Malcolm Beattie <[email protected]>
Oxford University Computing Services
"Widget. It's got a widget. A lovely widget. A widget it has got." --Jack Dee