[Petal] Repeat object and Safe compartment

William McKee william at knowmad.com
Tue Aug 12 00:51:25 BST 2003 

On Fri, Jul 25, 2003 at 03:48:45PM +0100, Jean-Michel Hiver wrote:
> I have managed to get the repeat object thingie working with Petal. The
> way I achieved this was by:

<snip>

> And it works! However Safe wouldn't let me access those variables...
> 
> So at the moment I have this in Petal.pm's _code_memory_cached
> subroutine:
> 
>   if (0) # if ($TAINT) - doesn't work with repeat object

I kept this message around knowing that I'd soon run into a problem
since I use Taintchecks in my test environment. I was able to use the
following to cause a taint error:

	perl -T t/038_Pass_Variables.t

I spent far too long trying to debug Safe and rewrite the code doing the
reval. Finally, I began looking at the code that was being generated for
Safe to eval. I rewrote the use of package variables to be accessed via
set methods which seems to have cleared up the taint issues. I don't
know whether this solution introduces other issues as this is my first
patch to the code generating code. Your feedback is appreciated!

William

-- 
Knowmad Services Inc.
http://www.knowmad.com
-------------- next part --------------
17a18,20
> # makes taint mode happy if set to 1
> our $TAINT = undef;
> 
119a123
> 	$TAINT = $petal_object->taint();
383,384c387,399
<     $class->add_code ("local \$Petal::Hash_Repeat::MAX = \@array - 1;");
<     $class->add_code ("local \$Petal::Hash_Repeat::CUR = undef;");
---
> 	if ($TAINT)
> 	{
> 		$class->add_code ("\$hash->{repeat}->set_max(\@array - 1);");
> 		$class->add_code ("\$hash->{repeat}->set_cur(undef);");
> 		$class->add_code ("$Petal::Hash_Repeat::MAX;");
> 		$class->add_code ("$Petal::Hash_Repeat::CUR;");
> 	}
> 	else
> 	{
> 		$class->add_code ("local \$Petal::Hash_Repeat::MAX = \@array - 1;");
> 		$class->add_code ("local \$Petal::Hash_Repeat::CUR = undef;");
> 	}
> 
388c403,410
<     $class->add_code ("\$Petal::Hash_Repeat::CUR = \$i;");
---
> 	if ($TAINT)
> 	{
> 		$class->add_code ("\$hash->{repeat}->set_cur(\$i);");
> 	}
> 	else
> 	{
> 		$class->add_code ("\$Petal::Hash_Repeat::CUR = \$i;");
> 	}
-------------- next part --------------
14a15,16
> sub set_max { $MAX = $_[1]; return 0; }
> sub set_cur { $CUR = $_[1]; return 0; }

More information about the Petal mailing list