In answer to the anonymous monk's post, I have looked at both the Taint and Untaint module. The Taint module implements the code from perlsec and puts some pretty wrappers around it. The Untaint module is an interesting mirror image of the code I have written called Detaint. I am doing things, it seems, pretty much according to Hoyle.

I have isolated the issue. Consider the code

#!/usr/bin/perl -T

sub is_tainted {
    return ! eval {
        join('',@_), kill 0;
        1;
    };
}

#---
# This should taint things for me
#---
my $taint = shift @ARGV;

my $clean = "clean";

my $expected = {
             clean => $clean,
             taint => $taint,
           };

my $wrong = {
             taint => $taint,
             clean => $clean,
           };

printf "\$expected %s tainted\n", is_tainted( $expected ) ? "is" : "is
+n't";
printf "\$expected->clean %s tainted\n",
        is_tainted( $expected->{clean} ) ? "is" : "isn't";
printf "\$expected->taint %s tainted\n",
        is_tainted( $expected->{taint} ) ? "is" : "isn't";

print "----------\n";

printf "\$wrong %s tainted\n", is_tainted( $wrong ) ? "is" : "isn't";
printf "\$wrong->clean %s tainted\n",
        is_tainted( $wrong->{clean} ) ? "is" : "isn't";
printf "\$wrong->taint %s tainted\n",
        is_tainted( $wrong->{taint} ) ? "is" : "isn't";
[download]

If the first element in the hash ref is tainted, everything else is as well. If the first element is clean, it isn't. This is very wrong. Do I have enough for a bug report?

Mik Firestone ( perlus bigotus maximus )