[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date
][Minivend by thread
]
Re: namespace problem on Safel
> The namespace problem on Safe module was already discussed here. I don't
> know the discussion since today, and made Safe::Hole module. It makes a
> hole to the original root compartment in the Safe compartment
>
> It is at:
> http://hp1.jonex.ne.jp/~nakajima.yasushi/archives/Safe-Hole-0.03.tar.gz
>
>
This works great!
Aside to perl5-porters: yes, I am aware of the ebbing and flowing of the
Safe.pm controversy. It is certainly better than nothing; and since I
use it to protect users from each other more than anything it is valuable
to Minivend. I don't use it to allow arbitrary code to be executed from
non-local sources; typically the user must be able to write the file
system with some sort of password access before they can eval code using
Safe. The Minivend code doesn't run as root, but it does run as one
user ID that resides in multiple groups and I don't want to make it easy
to alter someone else data. I would be very disappointed if Safe were
to be removed from the distribution.
> Of course you must be careful to use Safe::Hole. But it is not more
> danger than Safe::share(). The name 'Hole' may be too stimulative.
>
>
> Sey Nakajima <sey@jkc.co.jp>
> Kyoto, Japan
>
This is very good for Minivend, as now I can let users use DBI databases
inside a Safe compartment. Better for all concerned; I was having to go
global (meaning eval instead of $safe->reval) when using DBI (this is a
per-catalog thing on Minivend) or constrain the user to limit embedded
Perl use when not using the internal Minivend DBM database types. I
was able to successfully share and use a DBI database in no time flat
using Safe::Hole.
Thank you Sey!
--
Mike Heins http://www.minivend.com/ ___
Internet Robotics |_ _|____
Be patient. God isn't 131 Willow Lane, Floor 2 | || _ \
finished with me yet. Oxford, OH 45056 | || |_) |
-- unknown <mikeh@minivend.com> |___| _ <
513.523.7621 FAX 7501 |_| \_\
