On Aug 17, 2009, at 14:34 , raiph mellor wrote:
However it seems we have to pay a price: each act of rendering a Pod
file actually means executing the program that's being documented (at
least the BEGIN blocks and other stuff that happens at compile time),
with all the security risks implied. So we'll need a *very* good
sandbox. Is that worth it?

From the spec:

  However, during parsing and initialization under K<-doc>, the
  interpreter only executes those C<BEGIN>, C<CHECK>, and
  C<INIT> blocks (and equivalents, such as C<use> statements
  and subroutine declarations) that are preceded by the special
  prefix: C<DOC>

Nonetheless, DOC INIT { system "rm -rf ." } (or etc.) would be unfortunate.

brandon s. allbery [solaris,freebsd,perl,pugs,haskell] allb...@kf8nh.com
system administrator [openafs,heimdal,too many hats] allb...@ece.cmu.edu
electrical and computer engineering, carnegie mellon university    KF8NH

Attachment: PGP.sig
Description: This is a digitally signed message part

Reply via email to