Vigil@nce: Perl, bypassing Safe.pm via overloading
May 2010 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can define methods or overload operators, in order to
bypass restrictions imposed by the Safe.pm module of Perl.
– Severity: 2/4
– Creation date: 21/05/2010
DESCRIPTION OF THE VULNERABILITY
The Safe.pm module creates an environment restricting Perl
features:
– Safe::reval("Perl code here"): the Perl code is restricted
– Safe::rdo("file"): the Perl code located inside the file is
restricted
However, malicious Perl code can:
– define a destructor (DESTROY)
– define an AUTOLOAD
– overload an operator
The code located in these elements is not filtered by Safe.pm.
An attacker can therefore define methods or overload operators, in
order to bypass restrictions imposed by the Safe.pm module of Perl.
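The following is an added example, not part of the Vigil@nce bulletin or of Safe.pm: a coarse triage check that refuses to pass source text to a Safe compartment when it mentions any of the three constructs listed above. The function names, the token patterns and the sample inputs are assumptions of this example, and a text match of this kind is an audit aid, not a replacement for a corrected Safe.pm.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Safe;

# Token patterns are this example's assumption: a coarse text match, not a parser.
my %RISKY = (
    'destructor (DESTROY)' => qr/\bDESTROY\b/,
    'AUTOLOAD'             => qr/\bAUTOLOAD\b/,
    'operator overloading' => qr/\boverload\b/,
);

# Return the names of the risky constructs found in a piece of Perl source.
sub risky_constructs {
    my ($source) = @_;
    my @found = grep { $source =~ $RISKY{$_} } sort keys %RISKY;
    return @found;
}

# Run code in a Safe compartment only if the scan finds nothing.
# Returns (value, status); value is undef when the code is refused or fails.
sub guarded_reval {
    my ($source) = @_;
    my @found = risky_constructs($source);
    return (undef, 'refused: ' . join(', ', @found)) if @found;
    my $cpt    = Safe->new;             # compartment with the default opcode mask
    my $result = $cpt->reval($source);  # reval sets $@ on failure
    return (undef, "error: $@") if $@;
    return ($result, 'ok');
}

# Constructed sample inputs (not taken from the bulletin).
my @samples = (
    '1 + 2',
    'package P; sub DESTROY { } 1',
    'package P; sub AUTOLOAD { } 1',
    'package P; use overload q{""} => sub { "x" }; 1',
);

for my $src (@samples) {
    my ($value, $status) = guarded_reval($src);
    printf "%-50s => %s\n", $src, defined $value ? "$status ($value)" : $status;
}
```

The same risky_constructs check can be run over a file's contents before it is handed to rdo.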
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Perl-bypassing-Safe-pm-via-overloading-9657