Safe.pm Considered Harmful

By Deborah Pickett.

Published by The Open Source Developers' Conference Papers

Format Price
Article: Electronic Free Download

Using Safe.pm to compile untrusted Perl code is supposed to protect you from having that code do nasty things to your environment. But it is often so restrictive that you find that using Safe stops you from doing anything useful at all. This presentation shows how Safe.pm does its magic, and how this limits what it is able to do. Also discussed is Safe::Hole.pm and when it is (and isn't) useful. Featuring real-world examples from the author's experiences with Safe.

Keywords: Perl, Modules, Safe, Sandboxing, Security

Article: Electronic (PDF File; 501.843KB). Published by The Open Source Developers' Conference Papers.

Deborah Pickett

Former lecturer at Monash University, now a Senior Technical Writer at Moldflow.