Vulnwatch mailing list archives

Perl Safe.pm compartment reuse vuln


From: Rain Forest Puppy <rfp () vulnwatch org>
Date: Wed, 6 Nov 2002 05:59:18 +0000 (GMT)


A bug was found in Perl's Safe.pm module:

http://use.perl.org/articles/02/10/06/1118222.shtml?tid=5

Basically, code in the sandbox can modify the execution/operation mask via
@_; if the compartment was ever reused, the second time around it might
use the modified execution mask.

Perl <= 5.8.0 are vuln.

- rfp
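
A defensive wrapper for the reuse problem described above, as an added example that is not part of the original post: it snapshots a compartment's op mask before `reval` and refuses to continue if the mask differs afterwards. The sub names `fresh_compartment` and `reval_checked` are hypothetical; `Safe` and `Opcode` are the standard Perl modules.

```perl
#!/usr/bin/perl
# Added example, not code from the original post or from Safe.pm.
# fresh_compartment() and reval_checked() are hypothetical helper names.
use strict;
use warnings;
use Safe;
use Opcode qw(opset_to_ops);

# Build a new compartment with the caller's opcode policy. Using one
# compartment per evaluation means no earlier run can have left a
# modified mask behind for the next one.
sub fresh_compartment {
    my (@permit) = @_;
    my $cpt = Safe->new;
    $cpt->permit_only(@permit);
    return $cpt;
}

# Evaluate code in a compartment that is going to be reused, and verify
# that its op mask is byte-identical before and after the call.
sub reval_checked {
    my ($cpt, $code) = @_;
    my $before = $cpt->mask;            # copy of the opset bit string
    my $result = $cpt->reval($code);
    my $err    = $@;
    my $after  = $cpt->mask;

    if ($after ne $before) {
        # XOR of the two opsets is the set of ops whose masking changed.
        my @changed = opset_to_ops($before ^ $after);
        die "op mask changed during reval (@changed); "
          . "discard this compartment\n";
    }
    die "compartment error: $err" if $err;
    return $result;
}

# The post lists Perl <= 5.8.0 as affected; $] is 5.008 for 5.8.0.
warn "perl $] is in the affected range, do not reuse compartments\n"
    if $] <= 5.008;

# Constructed sample input: harmless arithmetic under the default mask.
my $cpt = fresh_compartment(':default');
print reval_checked($cpt, '2 + 3 * 4'), "\n";
print reval_checked($cpt, 'join "-", 1 .. 3'), "\n";   # reuse, re-checked
```

On an affected Perl the safer choice is `fresh_compartment` for every evaluation; the mask comparison only detects a change after the fact.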

