in reply to Re: Re: Re: Re: Re: Taint bug with backticks in variable assignments
in thread Taint bug with backticks in variable assignments

One more thing, why is this ok then?
    #!/usr/bin/perl -T
    use strict;
    use warnings;

    $ENV{PATH} = '/usr/bin:/usr/local/bin:/bin';
    $ENV{ENV}  = '';

    my $tainted = `echo "FOO"`;
    my $vars = [
        $tainted,
        `echo "BAR"`,
    ];
-Lee

"To be civilized is to deny one's nature."

Re: Re:(6b) Taint bug with backticks in variable assignments
by Anonymous Monk on Nov 19, 2003 at 17:56 UTC
    Interesting...
        rc <1> srefgen sK/1 ->rd
        -  <1> ex-list lKRM ->rc
        rb <@> anonlist sKRM/1 ->rc
        r7 <0> pushmark s ->r8
        r8 <0> padsv[$tainted:50,end] l ->r9
        ra <1> backtick[t6] lK ->rb
        -  <0> ex-pushmark s ->r9
        r9 <$> const(PV "echo \"BAR\"") s ->ra
    The taintedness only gets checked or triggered by an operation; 'padsv' just pushes a value on the stack, so the expression as a whole isn't tainted yet.
      I'd have to go with bug as the following works..
          #!/usr/bin/perl -T
          use strict;
          use warnings;

          $ENV{PATH} = '/usr/bin:/usr/local/bin:/bin';
          $ENV{ENV}  = '';

          sub do_nothing { @_; }

          my $vars = [
              do_nothing(`echo "base"`),
              do_nothing(`echo "BAR"`),
          ];


      -Lee

      "To be civilized is to deny one's nature."
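
Added example, not part of the thread: a harness that runs the two array constructions posted above under taint mode, traps any taint failure with eval, and uses Scalar::Util's tainted() to report the taint flag of each element. The case labels and the reduced PATH value are choices made for this example; run it as `perl -T` or execute the file directly so the -T switch takes effect.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Taint mode refuses to run external commands until the environment is clean.
$ENV{PATH} = '/usr/bin:/bin';               # example value, not the thread's
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

sub do_nothing { @_ }

# Each case builds the anonymous array the way one of the posts does.
my @cases = (
    [ 'variable, then backtick (first post)' => sub {
        my $tainted = `echo "FOO"`;
        return [ $tainted, `echo "BAR"` ];
    } ],
    [ 'backticks passed through a sub (reply)' => sub {
        return [ do_nothing(`echo "base"`), do_nothing(`echo "BAR"`) ];
    } ],
);

for my $case (@cases) {
    my ($label, $build) = @$case;

    # A taint violation is an ordinary die, so eval can trap it.
    my $vars = eval { $build->() };
    if (!defined $vars) {
        (my $err = $@) =~ s/\s+\z//;
        print "$label: died: $err\n";
        next;
    }

    # Taintedness is tracked per scalar, so inspect every element.
    my @flags = map { tainted($_) ? 'tainted' : 'clean' } @$vars;
    print "$label: ok, elements are [@flags]\n";
}
```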