I tentatively disagree

Once you have verified that your script runs with taint-checking, then taint-checking serves no further purpose

To correct your analogy, taint-checking is the irritating voice that tells you when your seat-belt is undone - once you fasten your seat-belt, this voice should not utter another word, and therefore what would be the difference if you turned it off entirely?

I would agree that it would be possible to write a script that would be vulnerable if taint-checking was disabled, but that would imply a faulty script and/or testing process (e.g. you never bothered to test the script using all available params)

Once more with feeling - taint-checking doesn't make your data 'safe' - it just prevents your script from processing unsafe data. The mechanisms you place in your script to make data 'safe' will still be present irrespective of whether taint-checking is on or off

I would agree that it would be possible to write a script that would be vulnerable if taint-checking was disabled, but that would imply a faulty script and/or testing process (e.g. you never bothered to test the script using all available params)

You're right. How could I be so stupid. Noone ever releases programs with bugs!

Abigail

Heh - actually, I'd be willing to change my 'e.g.' to an 'i.e.'. Whilst bugs are a part of life, allowing a script to accept 3 params, but only testing with 2 prior to disabling taint would be, well, pretty dumb.

And face it, anyone dumb enough to do that will probably have screwed up cleaning the user input anyway...

Tom Melly, tom@tomandlu.co.uk