From tgg_ch@ntlworld.com

Created by tggbiz@ntlworld.com

Under normal circumstances globbing does not work in a Safe compartment,
despite an empty deny only list, though I have found a horrible workaround.

In order to reproduce the results just paste the code into 3 files
(SafeGlobDemo.pl, rdo.pl, glob.pl) as indicated.

I have included test results with Perl 5.10 as well as 5.8 - note that they
fail in different ways but the same workaround works for both.

# Begin File​: SafeGlobDemo.pl
#
use strict;
use warnings;

use Safe;

print "Running SafeGlobDemo\n";

do_list_files('*');

sub some_sub
{
}

sub do_list_files
{
  my $filespec = shift;
  print "do_list_files​: Listing $filespec\n";
  my $cpt = load_compartment(__PACKAGE__, 'some_sub');

  if (defined($cpt) && exists &{$cpt->varglob('list_files')})
  {
  print "do_list_files​: Calling rdo.pl list_files\n";
  &{$cpt->varglob('list_files')}($filespec);
  }
}

sub load_compartment
{
  my ($package, @​subs) = @​_;
  my $cpt;
  print "load_compartment\n";
  if (-f 'rdo.pl')
  {
  $cpt = new Safe;
  print "load_compartment​: Doing rdo.pl\n";
  $cpt->share_from('main', [ '%ENV' ]);
  if (@​ARGV > 0)
  {
  # Invoke horrible workaround!
  require 'glob.pl';
  $cpt->share_from('main', [ 'CORE​::GLOBAL​::glob' ]);
  }
  $cpt->share_from($package, [ @​subs ]);
  $cpt->deny_only();
  $cpt->rdo('rdo.pl');
  if ($@​)
  {
  die "Thrown exception from rdo.pl​: $@​\n";
  }
  }
  return $cpt;
}

# End File​: SafeGlobDemo.pl

# Begin File​: rdo.pl
#
use strict;
use warnings;

print "Loading rdo.pl\n";

sub list_files
{
  my $filespec = shift;

  for my $file (glob($filespec))
  {
  print "\tFound $file in rdo\n";
  }
}

# End File​: rdo.pl

# Begin File​: glob.pl
#
print "Loading glob.pl\n";

for (glob('*'))
{
  print ("\tFound $_\n");
}

1;

# End File​: glob.pl

# End Code

# Test Results

# Begin Tests on Perl 5.10

# Test failure

C​:\GLB\test\SafeGlobDemo>perl SafeGlobDemo.pl
Running SafeGlobDemo
do_list_files​: Listing *
load_compartment
load_compartment​: Doing rdo.pl
Thrown exception from rdo.pl​: Undefined subroutine &Internals​::SvREADO
+NLY called at C​:/Perl/lib/constant.pm line 111.
BEGIN failed--compilation aborted at C​:/Perl/lib/ActiveState/Path.pm l
+ine 11.
Compilation failed in require at C​:/Perl/lib/ActivePerl/Config.pm line
+ 46.
Compilation failed in require at C​:/Perl/lib/XSLoader.pm line 104.
Compilation failed in require at rdo.pl line 10.
BEGIN failed--compilation aborted at rdo.pl line 10.

# Workaround

C​:\GLB\test\SafeGlobDemo>perl SafeGlobDemo.pl xxx
Running SafeGlobDemo
do_list_files​: Listing *
load_compartment
load_compartment​: Doing rdo.pl
Loading glob.pl
  Found glob.pl
  Found rdo.pl
  Found SafeGlobDemo.pl
Loading rdo.pl
do_list_files​: Calling rdo.pl list_files
  Found glob.pl in rdo
  Found rdo.pl in rdo
  Found SafeGlobDemo.pl in rdo

C​:\GLB\test\SafeGlobDemo>perl -v

This is perl, v5.10.0 built for MSWin32-x86-multi-thread
(with 5 registered patches, see perl -V for more detail)

Copyright 1987-2007, Larry Wall

Binary build 1003 [285500] provided by ActiveState http​://www.ActiveSt
+ate.com
Built May 13 2008 16​:52​:49

Perl may be copied only under the terms of either the Artistic License
+ or the
GNU General Public License, which may be found in the Perl 5 source ki
+t.

Complete documentation for Perl, including FAQ lists, should be found
+on
this system using "man perl" or "perldoc perl". If you have access to
+ the
Internet, point your browser at http​://www.perl.org/, the Perl Home Pa
+ge.

# End Tests on Perl 5.10

# Begin Tests on Perl 5.8

# Test failure

D​:\GLB\test\SafeGlobDemo>perl SafeGlobDemo.pl
Running SafeGlobDemo
do_list_files​: Listing *
load_compartment
load_compartment​: Doing rdo.pl
Thrown exception from rdo.pl​: Can't locate object method "can" via pac
+kage "DynaLoader" at C​:/Perl/lib/XSLoader.pm line 90.
Compilation failed in require at rdo.pl line 10.
BEGIN failed--compilation aborted at rdo.pl line 10.

# Workaround

D​:\GLB\test\SafeGlobDemo>perl SafeGlobDemo.pl xxx
Running SafeGlobDemo
do_list_files​: Listing *
load_compartment
load_compartment​: Doing rdo.pl
Loading glob.pl
  Found glob.pl
  Found rdo.pl
  Found SafeGlobDemo.pl
Loading rdo.pl
do_list_files​: Calling rdo.pl list_files
  Found glob.pl in rdo
  Found rdo.pl in rdo
  Found SafeGlobDemo.pl in rdo

D​:\GLB\test\SafeGlobDemo>perl -v

This is perl, v5.8.8 built for MSWin32-x86-multi-thread
(with 18 registered patches, see perl -V for more detail)

Copyright 1987-2007, Larry Wall

Binary build 822 [280952] provided by ActiveState http​://www.ActiveSta
+te.com
Built Jul 31 2007 19​:34​:48

Perl may be copied only under the terms of either the Artistic License
+ or the
GNU General Public License, which may be found in the Perl 5 source ki
+t.

Complete documentation for Perl, including FAQ lists, should be found
+on
this system using "man perl" or "perldoc perl". If you have access to
+ the
Internet, point your browser at http​://www.perl.org/, the Perl Home Pa
+ge.

# End Tests on Perl 5.8

Flags:
    category=core
    severity=high

Site configuration information for perl v5.8.8:

Configured by SYSTEM at Tue Jul 31 19:34:29 2007.

Summary of my perl5 (revision 5 version 8 subversion 8) configuration:
  Platform:
    osname=MSWin32, osvers=5.00, archname=MSWin32-x86-multi-thread
    uname=''
    config_args='undef'
    hint=recommended, useposix=true, d_sigaction=undef
    usethreads=define use5005threads=undef useithreads=define usemultiplicity=define
    useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
    use64bitint=undef use64bitall=undef uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='cl', ccflags ='-nologo -GF -W3 -MD -Zi -DNDEBUG -O1 -DWIN32 -D_CONSOLE -DNO_STRICT -DHAVE_DES_FCRYPT -DNO_HASH_SEED -DUSE_SITECUSTOMIZE -DPRIVLIB_LAST_IN_INC -DPERL_IMPLICIT_CONTEXT -DPERL_IMPLICIT_SYS -DUSE_PERLIO -DPERL_MSVCRT_READFIX',
    optimize='-MD -Zi -DNDEBUG -O1',
    cppflags='-DWIN32'
    ccversion='12.00.8804', gccversion='', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=undef, longlongsize=8, d_longdbl=define, longdblsize=8
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='__int64', lseeksize=8
    alignbytes=8, prototype=define
  Linker and Libraries:
    ld='link', ldflags ='-nologo -nodefaultlib -debug -opt:ref,icf  -libpath:"C:\Perl\lib\CORE"  -machine:x86'
    libpth=\lib
    libs=  oldnames.lib kernel32.lib user32.lib gdi32.lib winspool.lib  comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib  netapi32.lib uuid.lib ws2_32.lib mpr.lib winmm.lib  version.lib odbc32.lib odbccp32.lib msvcrt.lib
    perllibs=  oldnames.lib kernel32.lib user32.lib gdi32.lib winspool.lib  comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib  netapi32.lib uuid.lib ws2_32.lib mpr.lib winmm.lib  version.lib odbc32.lib odbccp32.lib msvcrt.lib
    libc=msvcrt.lib, so=dll, useshrplib=true, libperl=perl58.lib
    gnulibc_version=''
  Dynamic Linking:
    dlsrc=dl_win32.xs, dlext=dll, d_dlsymun=undef, ccdlflags=' '
    cccdlflags=' ', lddlflags='-dll -nologo -nodefaultlib -debug -opt:ref,icf  -libpath:"C:\Perl\lib\CORE"  -machine:x86'

Locally applied patches:
    ACTIVEPERL_LOCAL_PATCHES_ENTRY
    Iin_load_module moved for compatibility with build 806
    Avoid signal flag SA_RESTART for older versions of HP-UX
    PerlEx support in CGI::Carp
    Less verbose ExtUtils::Install and Pod::Find
    Patch for CAN-2005-0448 from Debian with modifications
    Rearrange @INC so that 'site' is searched before 'perl'
    Partly reverted 24733 to preserve binary compatibility
    MAINT31223 plus additional changes
    31490 Problem bootstraping Win32CORE
    31324 Fix DynaLoader::dl_findfile() to locate .so files again
    31214 Win32::GetLastError fails when first called
    31211 Restore Windows NT support
    31188 Problem killing a pseudo-forked child on Win32
    29732 ANSIfy the PATH environment variable on Windows
    27527,29868 win32_async_check() can loop indefinitely
    26970 Make Passive mode the default for Net::FTP
    26379 Fix alarm() for Windows 2003
    24699 ICMP_UNREACHABLE handling in Net::Ping


@INC for perl v5.8.8:
    C:/Perl/site/lib
    C:/Perl/lib
    .


Environment for perl v5.8.8:
    HOME (unset)
    LANG (unset)
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=C:\Program Files\Microsoft.NET\SDK\v1.1\bin;C:\Program Files\Microsoft Visual Studio .NET 2003\Common7\IDE;C:\Program Files\Microsoft Visual Studio .NET 2003\VC7\BIN;C:\Program Files\Microsoft Visual Studio .NET 2003\Common7\Tools;C:\Program Files\Microsoft Visual Studio .NET 2003\Common7\Tools\bin\prerelease;C:\Program Files\Microsoft Visual Studio .NET 2003\Common7\Tools\bin;C:\Program Files\Microsoft Visual Studio .NET 2003\SDK\v1.1\bin;C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322;C:\WINDOWS\system32;;C:\Program Files\Java\jdk1.5.0_04\bin;C:\Program Files\Java\apache-ant-1.6.5\bin;C:\Program Files\Java\Apache Software Foundation\ActiveMQ\apache-activemq-4.1.1\bin;C:\Program Files\Java\java_ee_sdk-5_03\bin;C:\Perl\bin;C:\Documents and Settings\Daddy\My Documents\Work\auto\glb\tool\Windows\bin
    PERLPATH=C:\Perl
    PERL_BADLANG (unset)
    SHELL (unset)

From tgg_ch@ntlworld.com

I was advised to try sharing *Config and &Internals​::SvREADONLY, which I
tried by inserting the following lines ...

It didn't work but the result was different on Perl 5.10 as follows.

C​:\GLB\test\newtest\SafeGlobDemo>perl SafeGlobDemo.pl
Running SafeGlobDemo
do_list_files​: Listing *
load_compartment
load_compartment​: Doing rdo.pl
Thrown exception from rdo.pl​: Undefined subroutine &mro​::method_changed_in
called at C​:/Perl/lib/constant.pm line 113.
BEGIN failed--compilation aborted at C​:/Perl/lib/ActiveState/Path.pm line
11.
Compilation failed in require at C​:/Perl/lib/ActivePerl/Config.pm line 46.
Compilation failed in require at C​:/Perl/lib/XSLoader.pm line 104.
Compilation failed in require at rdo.pl line 10.
BEGIN failed--compilation aborted at rdo.pl line 10.

Does this help any?

Tom

----- Original Message -----
From​: <perlbug-followup@​perl.org>
To​: <tgg_ch@​ntlworld.com>
Sent​: Sunday, August 03, 2008 6​:51 PM
Subject​: [perl #57554] perlbug AutoReply​: Problem globbing in a Safe
Compartment

Greetings,

This message has been automatically generated in response to the
creation of a perl bug report regarding​:
"Problem globbing in a Safe Compartment".

There is no need to reply to this message right now. Your ticket has been
assigned an ID of [perl #57554]. Within the next 24-72 hours,
your message will be posted to the perl developers. Please be patient!

Please include the string​:

[perl #57554]

in the subject line of all future correspondence about this issue. To do
so,
you may reply to this message (please delete unnecessary quotes and text.)

Thank you,
perlbug-followup@​perl.org

-------------------------------------------------------------------------
CC​: <support@​ActiveState.com>
MIME-Version​: 1.0
X-Spam-Status​: No, hits=-5.9 required=8.0
tests=BAYES_00,HTML_MESSAGE,PERLBUG_CONF,SPF_NEUTRAL
X-Mailer​: Microsoft Outlook Express 6.00.2900.3138
X-Virus-Checked​: Checked
X-Virus-Checked​: Checked
X-Old-Spam-Check-BY​: la.mx.develooper.com
Content-Type​: multipart/alternative;
boundary="----=_NextPart_000_001C_01C8F599.DE3277F0"
Message-ID​: <001f01c8f591$7dc7d390$6401a8c0@​daddyspc>
Received​: (qmail 30355 invoked from network); 3 Aug 2008 17​:51​:33 -0000
Received​: from localhost (HELO la.mx.develooper.com) (127.0.0.1) by
localhost with SMTP; 3 Aug 2008 17​:51​:33 -0000
Received​: (qmail 30352 invoked by alias); 3 Aug 2008 17​:51​:33 -0000
Received​: from la.mx.develooper.com (HELO x1.develooper.com)
(63.251.223.176) by la.mx.develooper.com (qpsmtpd/0.28) with SMTP; Sun, 03
Aug 2008 10​:51​:19 -0700
Received​: (qmail 30179 invoked by uid 225); 3 Aug 2008 17​:51​:15 -0000
Received​: (qmail 30171 invoked by alias); 3 Aug 2008 17​:51​:14 -0000
Received​: from mtaout02-winn.ispmail.ntl.com (HELO
mtaout02-winn.ispmail.ntl.com) (81.103.221.48) by la.mx.develooper.com
(qpsmtpd/0.28) with ESMTP; Sun, 03 Aug 2008 10​:50​:57 -0700
Received​: from aamtaout03-winn.ispmail.ntl.com ([81.103.221.35]) by
mtaout02-winn.ispmail.ntl.com with ESMTP id
<20080803175052.DAOT21103.mtaout02-winn.ispmail.ntl.com@​aamtaout03-winn.ispmail.ntl.com>;
Sun, 3 Aug 2008 18​:50​:52 +0100
Received​: from daddyspc ([213.106.1.169]) by
aamtaout03-winn.ispmail.ntl.com with SMTP id
<20080803175051.TEBC29597.aamtaout03-winn.ispmail.ntl.com@​daddyspc>; Sun,
3 Aug 2008 18​:50​:51 +0100
Delivered-To​: rt-perl5@​netlabs.develooper.com
Delivered-To​: perlbug@​perl.org
Subject​: Problem globbing in a Safe Compartment
Return-Path​: <tgg_ch@​ntlworld.com>
X-Msmail-Priority​: Normal
X-Spam-Check-BY​: la.mx.develooper.com
X-Priority​: 3
X-Old-Spam-Status​: No, hits=-6.6 required=8.0
tests=BAYES_00,HTML_MESSAGE,PERLBUG_CONF,SPF_PASS
Date​: Sun, 3 Aug 2008 18​:50​:58 +0100
X-Mimeole​: Produced By Microsoft MimeOLE V6.00.2900.3198
To​: <perlbug@​perl.org>
From​: "Tom Goldrick" <tgg_ch@​ntlworld.com>

From tggbiz@ntlworld.com

Whoops,

I forgot to include the extra code line, which is obviously

  $cpt->share('*Config', '&Internals​::SvREADONLY');

as well as sending the mail from the wrong email address.

I also added &mro​::method_changed_in to the share but then Perl moaned about
not being able to load File​::Glob so I think we're back where we started -
namely, how do we load Glob? - without having to execute it first.

Please send responses to tggbiz@​ntlworld.com.

Thanks,

Tom

----- Original Message -----
From​: "Tom Goldrick" <tgg_ch@​ntlworld.com>
To​: <perlbug-followup@​perl.org>
Sent​: Tuesday, August 12, 2008 7​:27 PM
Subject​: Re​: [perl #57554] perlbug AutoReply​: Problem globbing in a Safe
Compartment

I was advised to try sharing *Config and &Internals​::SvREADONLY, which I
tried by inserting the following lines ...

It didn't work but the result was different on Perl 5.10 as follows.

C​:\GLB\test\newtest\SafeGlobDemo>perl SafeGlobDemo.pl
Running SafeGlobDemo
do_list_files​: Listing *
load_compartment
load_compartment​: Doing rdo.pl
Thrown exception from rdo.pl​: Undefined subroutine &mro​::method_changed_in
called at C​:/Perl/lib/constant.pm line 113.
BEGIN failed--compilation aborted at C​:/Perl/lib/ActiveState/Path.pm line
11.
Compilation failed in require at C​:/Perl/lib/ActivePerl/Config.pm line 46.
Compilation failed in require at C​:/Perl/lib/XSLoader.pm line 104.
Compilation failed in require at rdo.pl line 10.
BEGIN failed--compilation aborted at rdo.pl line 10.

Does this help any?

Tom

----- Original Message -----
From​: <perlbug-followup@​perl.org>
To​: <tgg_ch@​ntlworld.com>
Sent​: Sunday, August 03, 2008 6​:51 PM
Subject​: [perl #57554] perlbug AutoReply​: Problem globbing in a Safe
Compartment

Greetings,

This message has been automatically generated in response to the
creation of a perl bug report regarding​:
"Problem globbing in a Safe Compartment".

There is no need to reply to this message right now. Your ticket has
been
assigned an ID of [perl #57554]. Within the next 24-72 hours,
your message will be posted to the perl developers. Please be patient!

Please include the string​:

[perl #57554]

in the subject line of all future correspondence about this issue. To do
so,
you may reply to this message (please delete unnecessary quotes and
text.)

Thank you,
perlbug-followup@​perl.org

-------------------------------------------------------------------------
CC​: <support@​ActiveState.com>
MIME-Version​: 1.0
X-Spam-Status​: No, hits=-5.9 required=8.0
tests=BAYES_00,HTML_MESSAGE,PERLBUG_CONF,SPF_NEUTRAL
X-Mailer​: Microsoft Outlook Express 6.00.2900.3138
X-Virus-Checked​: Checked
X-Virus-Checked​: Checked
X-Old-Spam-Check-BY​: la.mx.develooper.com
Content-Type​: multipart/alternative;
boundary="----=_NextPart_000_001C_01C8F599.DE3277F0"
Message-ID​: <001f01c8f591$7dc7d390$6401a8c0@​daddyspc>
Received​: (qmail 30355 invoked from network); 3 Aug 2008 17​:51​:33 -0000
Received​: from localhost (HELO la.mx.develooper.com) (127.0.0.1) by
localhost with SMTP; 3 Aug 2008 17​:51​:33 -0000
Received​: (qmail 30352 invoked by alias); 3 Aug 2008 17​:51​:33 -0000
Received​: from la.mx.develooper.com (HELO x1.develooper.com)
(63.251.223.176) by la.mx.develooper.com (qpsmtpd/0.28) with SMTP; Sun,
03 Aug 2008 10​:51​:19 -0700
Received​: (qmail 30179 invoked by uid 225); 3 Aug 2008 17​:51​:15 -0000
Received​: (qmail 30171 invoked by alias); 3 Aug 2008 17​:51​:14 -0000
Received​: from mtaout02-winn.ispmail.ntl.com (HELO
mtaout02-winn.ispmail.ntl.com) (81.103.221.48) by la.mx.develooper.com
(qpsmtpd/0.28) with ESMTP; Sun, 03 Aug 2008 10​:50​:57 -0700
Received​: from aamtaout03-winn.ispmail.ntl.com ([81.103.221.35]) by
mtaout02-winn.ispmail.ntl.com with ESMTP id
<20080803175052.DAOT21103.mtaout02-winn.ispmail.ntl.com@​aamtaout03-winn.ispmail.ntl.com>;
Sun, 3 Aug 2008 18​:50​:52 +0100
Received​: from daddyspc ([213.106.1.169]) by
aamtaout03-winn.ispmail.ntl.com with SMTP id
<20080803175051.TEBC29597.aamtaout03-winn.ispmail.ntl.com@​daddyspc>; Sun,
3 Aug 2008 18​:50​:51 +0100
Delivered-To​: rt-perl5@​netlabs.develooper.com
Delivered-To​: perlbug@​perl.org
Subject​: Problem globbing in a Safe Compartment
Return-Path​: <tgg_ch@​ntlworld.com>
X-Msmail-Priority​: Normal
X-Spam-Check-BY​: la.mx.develooper.com
X-Priority​: 3
X-Old-Spam-Status​: No, hits=-6.6 required=8.0
tests=BAYES_00,HTML_MESSAGE,PERLBUG_CONF,SPF_PASS
Date​: Sun, 3 Aug 2008 18​:50​:58 +0100
X-Mimeole​: Produced By Microsoft MimeOLE V6.00.2900.3198
To​: <perlbug@​perl.org>
From​: "Tom Goldrick" <tgg_ch@​ntlworld.com>

The RT System itself - Status changed from 'new' to 'open'