Tricks of the Wizards | 50
The eval'ed code is not actually confined to the new package:
$/ = 'e'; # Sucker!
$Security::ENABLED = 0; # Double sucker!
eval is still eval:
system("rm -rf /");
To prevent these, you need to use Safe.
The hash-into-new-package strategy is still valuable in conjunction with Safe.
my $result = Safe->new->reval($program);
Text::Template is an extended example of this.
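The contrast described above, as an added example that is not from the original slides: the same program string is run once with a plain eval in a fresh package and once in a Safe compartment that has the hash installed into its root package. It covers the `$Security::ENABLED` and `system` cases; the `%vars` hash, the `Sandbox` package name, the program string and the harmless `true` command are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Safe;

# Constructed stand-in for the host program's security flag.
{ package Security; our $ENABLED = 1; }

# Constructed inputs: the hash to expose and an untrusted program string.
my %vars    = (name => 'world');
my $program = q{ $Security::ENABLED = 0; "Hello, $name" };

# 1. Hash-into-new-package with a plain eval. The package statement only
#    changes the default namespace, so the fully qualified assignment in
#    $program still reaches the real $Security::ENABLED.
{
    no strict 'refs';
    ${"Sandbox::$_"} = $vars{$_} for keys %vars;
}
my $plain = eval "package Sandbox; no strict; $program";
print "plain eval: '$plain', Security::ENABLED = $Security::ENABLED\n";

# 2. The same strategy inside a Safe compartment. varglob() returns the
#    glob for a name in the compartment's root package, so the hash is
#    installed there; the compartment's root package plays the role of
#    main::, so $Security::ENABLED in $program names a variable inside
#    the compartment, not the host's.
$Security::ENABLED = 1;
my $cpt = Safe->new;
${ $cpt->varglob($_) } = $vars{$_} for keys %vars;
my $safe = $cpt->reval($program);
die "reval failed: $@" if $@;
print "Safe reval: '$safe', Security::ENABLED = $Security::ENABLED\n";

# 3. system is not in Safe's default permitted opcode set, so the code is
#    rejected when it is compiled and the command never runs.
$cpt->reval(q{ system("true") });
my $trapped = $@ =~ /trapped by operation mask/ ? 'trapped' : 'not trapped';
print "system under Safe: $trapped\n";
```

With the default opcode mask, step 1 leaves the host flag at 0, step 2 leaves it at 1, and step 3 reports the call as trapped.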
Copyright © 2003 M. J. Dominus