Is it possible to put a subroutine into another package without violating 'use strict'?
The normal way to do this looks like
use strict;
my $var = 'Test::foo';
no strict 'refs'; # we need to leave use strict
*$var = sub {print "Bar\n";};
use strict; # turn it back on

[download]
Is it possible to do the same thing without turning off strict refs?
The reason I am asking is that I want to allow code run under Safe to access packages I have reviewed & approved (with the Safe'd code running under use strict), but I don't want them to be able to change their contents.(under Safe we can prevent them from turning off 'strict')

It is true that they couldn't add any code to the modules that they couldn't just run in their box, but they could screw with the interactions to gain new powers. Here is an exploit for a restricted caller() package, in its original form it will never let the user get to caller() through safe_caller(), but if we can modify caller_allowed() they can

package SafeCaller;

sub safe_caller { return caller(@_) if caller_allowed(); }
# disallow everyone from using safe_caller
sub caller_allowed { reutrn 0; }

[download]
-jackdied

keywords: use strict; use Safe; sandbox; restrict; namespace; taint;

In reply to Modifying packages without violating use strict by jackdied

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.