author    John Lightsey <john@04755.net>    2021-01-09 12:16:08 +0000
committer Steve Hay <steve.m.hay@googlemail.com>    2021-01-09 12:16:22 +0000
commit    fa1bc2e4ea514f81f75551539092e7bf6226e8f5
tree      2c478deb876ae02aa0db478f62c3e3e59fe5a62e
parent    4190e73eba88675cc39af83a5c4ac5905e42c7e5
Make security warnings in the Safe and Opcode modules more direct.
The current "no warranty" text warning against the use of Safe or Opcode for "security purposes" is somewhat ambiguous. These modules are not effective sandboxing mechanisms for evaluating untrusted perl code and should not be used in that manner. Safe and Opcode are, at best, hardening measures that could be used in combination with operating system level sandboxing of the perl interpreter.

(cherry picked from commit c150e7c040454515c5acfb8416f2acdb2c0a2bb4)
 dist/Safe/Safe.pm    | 9 ++++++++-
 ext/Opcode/Opcode.pm | 9 ++++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/dist/Safe/Safe.pm b/dist/Safe/Safe.pm
index 3f4cb21065..6bc74540be 100644
--- a/dist/Safe/Safe.pm
+++ b/dist/Safe/Safe.pm
@@ -3,7 +3,7 @@ package Safe;
use 5.003_11;
use Scalar::Util qw(reftype refaddr);
-$Safe::VERSION = "2.41";
+$Safe::VERSION = "2.41_01";
# *** Don't declare any lexicals above this point ***
#
@@ -543,6 +543,13 @@ outside the compartment) placed into the compartment. For example,
=head1 WARNING
+The Safe module does not implement an effective sandbox for
+evaluating untrusted code with the perl interpreter.
+
+Bugs in the perl interpreter that could be abused to bypass
+Safe restrictions are not treated as vulnerabilities. See
+L<perlsecpolicy> for additional information.
+
The authors make B<no warranty>, implied or otherwise, about the
suitability of this software for safety or security purposes.
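Review bot: the new paragraphs state only the negative (Safe is not a sandbox, interpreter bugs that bypass it are not vulnerabilities) but drop the positive guidance that the commit message gives, namely that Safe is at best a hardening measure to be combined with operating-system level sandboxing of the perl interpreter; a reader of the pod will not see the commit message, so consider adding that sentence after "evaluating untrusted code with the perl interpreter." Also, L<perlsecpolicy> is a link to a separate pod document, so confirm that perlsecpolicy ships on this branch (this is a cherry-pick into maint); otherwise the link is dangling and podchecker will flag it.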
diff --git a/ext/Opcode/Opcode.pm b/ext/Opcode/Opcode.pm
index fd9d892370..9351c3ba20 100644
--- a/ext/Opcode/Opcode.pm
+++ b/ext/Opcode/Opcode.pm
@@ -6,7 +6,7 @@ use strict;
our($VERSION, @ISA, @EXPORT_OK);
-$VERSION = "1.47";
+$VERSION = "1.48";
use Carp;
use Exporter ();
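Review bot: the two version bumps in this patch use different styles: Safe goes from "2.41" to "2.41_01" (a development-release suffix) while Opcode here goes from "1.47" to "1.48". That is defensible if deliberate, since dist/Safe is also released separately to CPAN and ext/Opcode is core-only, but if it is not intentional the two should be aligned, and either way a one-line note in the commit message would save the next reader the question.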
@@ -117,6 +117,13 @@ Safe modules for more typical uses.
=head1 WARNING
+The Opcode module does not implement an effective sandbox for
+evaluating untrusted code with the perl interpreter.
+
+Bugs in the perl interpreter that could be abused to bypass
+Opcode restrictions are not treated as vulnerabilities. See
+L<perlsecpolicy> for additional information.
+
The authors make B<no warranty>, implied or otherwise, about the
suitability of this software for safety or security purposes.
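Review bot: the same check on L<perlsecpolicy> applies here as in Safe.pm: the target pod must exist on this branch or the link is dangling. The added paragraph is otherwise a word-for-word copy of the Safe text with "Opcode" substituted; that is acceptable, but the two will drift apart unless kept in sync. Since Opcode is the underlying mechanism that Safe builds on (the context line above already points readers to Safe "for more typical uses"), one option is to keep the full statement here and have Safe's WARNING section also point at L<Opcode/WARNING> rather than duplicating it.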