Re^2: use taint


Problems? Is your data what you think it is?
	PerlMonks

Re^2: use taint

by Tomte (Priest)

on Jun 23, 2004 at 09:02 UTC ( [id://368979]=note: print w/replies, xml )

Need Help??

in reply to Re: use taint
in thread use taint

hmm, the way I read the docs suggest that use re 'taint'; does not enable global taint mode as perl -[Tt] does; if it is active, the regex-engines memory vars (and match-operators return values in list context) will be tainted if the input thats matched against was tainted -- no re 'taint'; is used to disable these effects for certain code blocks.

AFAI understand this, the purpose of this module is to tighten security in taint-mode a bit – you can only untaint data in blocks in which no re 'tain' is active...

regards,
tomte

An intellectual is someone whose mind watches itself.
-- Albert Camus

Comment on Re^2: use taint Select or Download Code

Replies are listed 'Best First'.

Re^3: use taint
by hardburn (Abbot) on Jun 23, 2004 at 12:35 UTC

Right, use re 'taint'; doesn't appear to do anything useful:

$ perl -e 'use re "taint"; open FH, pop; close FH;' ">somefile"
$ perl -T -e 'open FH, pop; close FH;' ">somefile"
Insecure dependency in open while running with -T switch at -e line 1.
$ perl -v

This is perl, v5.8.2 built for i686-linux
 . . .
[download]

It's purpose is basically so you can have the orthagonal operation, no re 'taint';, which is useful (sort of . . . ).

----
send money to your kernel via the boot loader.. This and more wisdom available from Markov Hardburn.

[reply]
[d/l]
[select]

In Section Seekers of Perl Wisdom