in reply to Re^7: How to disable taint checking by Perl?
in thread How to disable taint checking by Perl?

A table would be nice. I like tables.

Here is a table showing when taint mode is enabled. HTH.

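| Perl version | UID != EUID | GID != EGID | -T argument | Anything else |
|--------------|-------------|-------------|-------------|---------------|
| 5.10.0       | Yes         | Yes         | Yes         | No            |
| 5.12.0       | Yes         | Yes         | Yes         | No            |
| 5.14.0       | Yes         | Yes         | Yes         | No            |
| 5.16.0       | Yes         | Yes         | Yes         | No            |
| 5.18.0       | Yes         | Yes         | Yes         | No            |
| 5.20.0       | Yes         | Yes         | Yes         | No            |
| 5.22.0       | Yes         | Yes         | Yes         | No            |
| 5.24.0       | Yes         | Yes         | Yes         | No            |
| 5.26.0       | Yes         | Yes         | Yes         | No            |
| 5.28.0       | Yes         | Yes         | Yes         | No            |
| 5.30.0       | Yes         | Yes         | Yes         | No            |
| 5.32.0       | Yes         | Yes         | Yes         | No            |
| 5.34.0       | Yes         | Yes         | Yes         | No            |
| 5.36.0       | Yes         | Yes         | Yes         | No            |
| 5.38.0       | Yes         | Yes         | Yes         | No            |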

🦛

Re^9: How to disable taint checking by Perl?
by Polyglot (Chaplain) on Oct 25, 2023 at 15:57 UTC
    That's a good start, Hippo, thank you! Now, how much would it take to add the sub-components alluded to in the documentation?

    For example:

    On versions of Perl before 5.26, activating taint mode will also remove the current directory (".") from the default value of @INC. Since version 5.26, the current directory isn't included in @INC by default.

    I'd like to know what the differences in taint implementation are from one Perl version to another. I never had trouble with the @INC nor with the use of backticks to execute an external command until I unsuspectingly used a version of Perl advanced beyond this line. From what I see in the documentation, this is not the only aspect which has seen changes in taint implementation. For example:

    To test whether a variable contains tainted data, and whose use would thus trigger an "Insecure dependency" message, you can use the tainted() function of the Scalar::Util module, available in your nearby CPAN mirror, and included in Perl starting from the release 5.8.0. Or you may be able to use the following is_tainted() function.

    I note that your table did not go back as far as to 5.8.0--but things were already starting to move at that point, if not before.

    To be clear, my understanding is that the taint mode is no longer so much of an all-or-nothing feature: it comes in multiple shades these days. It may have been true in the past that it was either enabled or disabled...this seems to be no longer the case, and it is precisely this condition for which a table would come in handy, as there is much more information than merely "Yes" or "No" which is relevant.

    Blessings,

    ~Polyglot~

      my understanding is that the taint mode is no longer so much of an all-or-nothing feature: it comes in multiple shades these days.

      I'm afraid that your understanding is incorrect. Taint mode is either enabled or disabled; there is no halfway house. Therefore there is no other information than "Yes" or "No" to be given.


      🦛

        Try not enabling taint in some post-5.26 version of Perl and then discovering that your path in that backticks command was tainted, preventing your script from running. That's the problem. Taint was automatically enabled--i.e. forcibly engaged.

        More like taint is either enabled or it is enabled.

        But then, that's not accurate either, because it was only enabled on @INC. It seems then that it was either enabled or it was partially enabled...unless you manage to compile your own Perl where you forcibly disengage taint.

        Blessings,

        ~Polyglot~

      You can read all the changes by reading all the perldelta files.
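
A diagnostic script for the conditions in the table at the top of the thread, added here as an example and not posted by any participant: it reports `${^TAINT}`, the UID/GID comparisons, whether "." is in `@INC`, and whether selected environment values are tainted. The choice of `PATH` and `HOME` as sample values and the helper names `taint_state` and `id_mismatch` are assumptions of this example.

```perl
#!/usr/bin/perl
# Added example: show whether taint mode is active in this process and
# which of the table's triggering conditions hold.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# ${^TAINT} is 1 when taint mode is on, -1 when only taint warnings
# are enabled (-t), and 0 when taint mode is off.
sub taint_state {
    return ${^TAINT} ==  1 ? 'enabled'
         : ${^TAINT} == -1 ? 'warnings only (-t)'
         :                   'disabled';
}

# $< / $> are the real / effective UID. $( and $) hold space-separated
# lists whose first number is the real / effective GID.
sub id_mismatch {
    my ($rgid) = split ' ', $(;
    my ($egid) = split ' ', $);
    return (
        uid => ( $< != $>       ? 1 : 0 ),
        gid => ( $rgid != $egid ? 1 : 0 ),
    );
}

my %mismatch = id_mismatch();
my $dot_in_inc = grep { $_ eq '.' } @INC;

printf "perl version : %vd\n", $^V;
printf "taint mode   : %s\n",  taint_state();
printf "UID != EUID  : %s\n",  $mismatch{uid} ? 'yes' : 'no';
printf "GID != EGID  : %s\n",  $mismatch{gid} ? 'yes' : 'no';
printf "'.' in \@INC  : %s\n",  $dot_in_inc    ? 'yes' : 'no';

# Per-value check with Scalar::Util::tainted(), the function named in
# the documentation excerpt quoted in the thread. PATH and HOME are
# sample choices for this example.
for my $name (qw(PATH HOME)) {
    next unless defined $ENV{$name};
    printf "\$ENV{%s} tainted : %s\n", $name,
        tainted( $ENV{$name} ) ? 'yes' : 'no';
}
```

Running it once as `perl script.pl` and once as `perl -T script.pl` on the same interpreter shows the two states side by side.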