in reply to Re: Taint bug with backticks in variable assignments
in thread Taint bug with backticks in variable assignments

Thanks
I just hit that myself. I started down the variable path thinking it was $$, then trying any variables, then none.
I still would consider this a bug though.

-Lee

"To be civilized is to deny one's nature."

Re: Re: Re: Taint bug with backticks in variable assignments
by Anonymous Monk on Nov 19, 2003 at 16:08 UTC
    perldoc perlsec
    It would be inefficient for every operator to test every argument for taintedness. Instead, the slightly more efficient and conservative approach is used that if any tainted value has been accessed within the same expression, the whole expression is considered tainted.
    #!/usr/bin/perl -T
    $ENV{PATH} = '/usr/bin:/usr/local/bin:/bin';
    $ENV{ENV} = '';
    my $good = 'good';
    my $bad = `echo bad`;      # backtick output is tainted
    print($bad);
    print(`echo $good`);       # separate expressions: fine
    print($bad), print(`echo $good`);   # single list expression: dies
      Maybe it's the way I'm reading that, but take the example below, I don't see how that applies. The second element isn't referencing anything that could be tainted.
      #!/usr/bin/perl -T
      $ENV{PATH} = '/usr/bin:/usr/local/bin:/bin';
      $ENV{ENV} = '';
      my $commands = [
          `mktemp /tmp/temp.XXXXXX`,
          `mktemp /tmp/temp.XXXXXX`,
      ];


      -Lee

      "To be civilized is to deny one's nature."
        Doesn't matter. "It would be inefficient for every operator to test every argument for taintedness." Once you use tainted data in an expression, any unsafe operator in the same expression is going to trigger a taint exception no matter what its arguments are.
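To make the behaviour under discussion concrete, here is an added example (my own code, not anything posted in the thread). It uses string-literal commands only, so nothing tainted is ever interpolated into a command line; the point is that the *output* of the first backtick is tainted, and once that output has been produced within an expression, the second backtick in the same expression refuses to run. The command names (`echo`) and the error-catching helper functions are my assumptions, chosen so the script runs on any Unix box.

```perl
#!/usr/bin/perl -T
# Added example: whole-expression taint propagation with backticks.
# Run it as:   perl -T taint_expr.pl
# (-T on the #! line alone is rejected when perl is invoked explicitly;
#  it must also appear on the command line.)
use strict;
use warnings;

# Clean the environment before running any command, as perlsec requires
# under -T; otherwise even a literal command dies on an insecure $ENV{PATH}.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

sub one_expression {
    # Same shape as the anonymous-array constructor from the thread.
    # The first backtick runs and returns tainted output.  That access
    # marks the whole expression tainted, so the second backtick croaks:
    #   Insecure dependency in `` while running with -T switch
    # even though its command is a string literal.  eval traps the die.
    my $list = eval { [ `echo one`, `echo two` ] };
    return "died: $@" unless defined $list;
    my @out = @$list;
    chomp @out;
    return "ok: @out";
}

sub separate_statements {
    # The taint flag is reset at every statement boundary, so when each
    # backtick is its own statement neither sees tainted data before it runs.
    my @list;
    push @list, `echo one`;
    push @list, `echo two`;
    chomp @list;
    return "ok: @list";
}

sub array_ref_from_lexicals {
    # If the array-ref shape from the thread is what you want, capture each
    # result in its own statement and build the ref afterwards.  Reading the
    # tainted lexicals is fine: only unsafe operators (backticks, system,
    # open for writing, ...) consult the flag, and none appears here.
    my $first  = `echo one`;
    my $second = `echo two`;
    my $commands = [ $first, $second ];
    chomp @$commands;
    return "ok: @$commands";
}

print one_expression(),         "\n";   # reports the taint die
print separate_statements(),    "\n";   # works
print array_ref_from_lexicals(), "\n";  # works
```

The same rule explains the original `mktemp` report: the second `mktemp` never references a variable, but it sits in the same list expression as the first one's tainted output. Splitting the assignment into one statement per command is the workaround; untainting the values with a regex capture does not help here, because the check is on the expression-level flag, not on the operands of the second backtick.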