Safe

use Safe;

$sandbox = Safe->new();             # anonymous sandbox
$sandbox = Safe->new("PackName");   # in that symbol table

# Enable or disable opcodes by group or name.
$sandbox->permit(qw(:base_core));
$sandbox->permit_only(qw(:base_core :base_loop :base_mem));
$sandbox->deny("die");

# like do(), but in the sandbox
$ok = $sandbox->rdo($filename);

# like eval(), but in the sandbox
$ok = $sandbox->reval($code);       # without 'use strict'
$ok = $sandbox->reval($code, 1);    # with 'use strict'

The Safe module attempts to provide a restricted environment to protect the rest of the program from dangerous operations. It uses two different strategies to do this. Much as an anonymous FTP daemon's use of chroot(2) alters the view of the root of the filesystem, creating a compartment object with Safe->new("PackName") alters that compartment's view of its own namespace. The compartment now sees as its root symbol table (main::) the symbol table that the rest of the program sees as PackName::. What looks like Frobnitz:: on the inside of the compartment is really PackName::Frobnitz:: on the outside. If you don't give an argument to the constructor, a random new package name is selected for you.

The second and more important facility that a Safe compartment provides is a way to limit code that is deemed legal within an eval. You can tweak the allowable opcode set (legal Perl operations) using method calls on your Safe object. Two methods are available to compile code in a Safe compartment: rdo ("restricted do") ...
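The following is an added example, not code from the book. It exercises both strategies described above: the remapped namespace and the opcode mask. The helper try_in_sandbox, the $secret variable, the snippet strings, and the file name example.txt are all constructed for illustration.

```perl
use strict;
use warnings;
use Safe;

# Named compartment: its main:: is the outer program's PackName::.
my $sandbox = Safe->new("PackName");
$sandbox->deny("die");              # on top of the default opcode mask

our $secret = "outer value";        # lives in the real main::, not PackName::

# Run a snippet in the compartment and report the outcome. reval returns
# undef both on failure and when the code itself yields undef, so $@ is
# the reliable failure signal.
sub try_in_sandbox {
    my ($label, $code) = @_;
    my $result = $sandbox->reval($code);
    if ($@) {
        (my $err = $@) =~ s/\s+\z//;
        print "$label: BLOCKED ($err)\n";
        return;
    }
    print "$label: ok, returned ", defined $result ? $result : "undef", "\n";
    return $result;
}

# Constructed snippets, one per behaviour described above.
try_in_sandbox("arithmetic",      '2 + 3 * 7');
try_in_sandbox("write namespace", '$Frobnitz::x = 42');
try_in_sandbox("read outer main", 'defined $main::secret ? "visible" : "not visible"');
try_in_sandbox("denied die",      'die "boom"');
try_in_sandbox("file open",       'open(my $fh, "<", "example.txt")');

# What the compartment called $Frobnitz::x is PackName::Frobnitz::x out here.
{
    no warnings 'once';
    print "outer view: \$PackName::Frobnitz::x = $PackName::Frobnitz::x\n";
}
```

The last two snippets fail at compile time inside the compartment, so neither the die nor the open ever executes; the error text in $@ names the trapped opcode.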
