home | O'Reilly's CD bookshelfs | FreeBSD | Linux | Cisco | Cisco Exam  


Book HomeJava and XSLTSearch this book

8.179. Safe

Creates compartments for evaluating untrusted Perl code. Each compartment has an associated operator mask for excluding particular Perl operators from the compartment. (See the Opcode module for more information on operators and operator masks.) The default mask is applied during compilation to prevent all operations that give access to the system. Safe provides the following methods.

new

$cpt = new Safe [(namespace, mask)]

Constructor. Creates a new compartment. Takes the following arguments:

namespace
Optional. Root namespace to use for the compartment. Default is Safe::Root0, which autoincrements for each new compartment.

mask
Optional. Operator mask to use; defaults to a restrictive set.

mask

$cpt->mask ([mask])

Sets operator mask for the compartment if mask is specified; otherwise, it gets the current mask.

rdo

$cpt->rdo (filename)

Evaluates the contents of file filenameinside the compartment.

reval

$cpt->reval (string)

Evaluates string as Perl code inside the compartment.

root

$cpt->root ([namespace])

If namespace is specified, sets the root namespace for the compartment; otherwise, gets the current namespace.

share

$cpt->share (varname[, ...])

Shares the variable(s) in the argument list with the compartment.

trap

$cpt->trap (op[, ...])

For each operator specified in the argument list, sets the corresponding bit in the compartment's operator mask.

untrap

$cpt->untrap (op[, ...])

For each operator specified in the argument list, resets the corresponding bit in the compartment's operator mask.

varglob

$cpt->varglob (varname)

Returns a glob for the symbol table entry of varname in the compartment's package.

The following subroutines are available for export by Safe. The operator names can be found in the array op_name in the file opcode.h in the Perl distribution.

emptymask

emptymask

Returns a mask with all operators unmasked.

fullmask

fullmask

Returns a mask with all operators masked.

mask_to_ops

mask_to_ops (mask)

Takes an operator mask mask and returns a list of the names of operators masked in mask.

MAXO

MAXO

Returns the number of operators in a mask (and hence its length).

opcode

opcode (op[, ...])

Takes a list of operator names and returns the corresponding list of opcodes.

op_mask

op_mask

Returns the operator mask in effect at the time the invocation to the subroutine was compiled.

opname

opname (op[, ...])

Takes a list of opcodes and returns the corresponding list of operator names.

ops_to_mask

ops_to_mask (op[, ...])

Takes a list of operator names and returns an operator mask with those operators masked.



Library Navigation Links

Copyright © 2002 O'Reilly & Associates. All rights reserved.