TUCoPS :: Linux :: Apps N-Z :: sb5872.htm

perl broken safe compartment
13th Dec 2002 [SBWID-5872]
COMMAND

	perl broken safe compartment

SYSTEMS AFFECTED

	perl, perl-5.004, perl-5.005

PROBLEM

	In Debian Security advisory [DSA 208-1] [security@debian.org] :
	
	 http://www.debian.org/security/
	
	--snip--
	
	A security hole has been discovered in Safe.pm  which  is  used  in  all
	versions of Perl. The Safe  extension  module  allows  the  creation  of
	compartments in which perl code can be evaluated in a new namespace  and
	the code evaluated in the compartment cannot refer to variables  outside
	this namespace. However, when a Safe compartment has already been  used,
	there's no guarantee that it is Safe any longer, because there's  a  way
	for code to be  executed  within  the  Safe  compartment  to  alter  its
	operation mask. Thus, programs that use a  Safe  compartment  only  once
	aren't affected by this bug.
	
	--snap--

SOLUTION

	Debian says :
	
	This problem has been fixed in version 5.6.1-8.2 for the current  stable
	distribution (woody), in version 5.004.05-6.2 and 5.005.03-7.2  for  the
	old stable  distribution  (potato)  and  in  version  5.8.0-14  for  the
	unstable distribution (sid).

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH