In perl, Regexp matches are used to do a lot of different things, and removing malicious characters is only one of them. So for perl to assume that a variable derived from a tainted variable through a regexp match is "clean" is dangerous.

No. You have that backwards. Perl is not "assuming" anything. Perl is not a living entity. It does not make assumptions; nor can it take circumstances into account.

Perl gives you a simple mechanism, which you can either use correctly; or not.

It is like speed limits. They may be set at 70mph (or whatever prevails in your part of the world), but that does not absolve you from responsibility.

If you try and drive your car at 70 in torrential driving rain; thick fog; or when there is likely to be black ice about; don't go blaming the result on the speed limit.

See what I wrote here...

So, you wrote a bunch of code without considering security; and now you want to 'fix' Perl; rather than fix your own code.

I have no say or influence in these matters; but it is a pretty safe bet to assume that Perl tainting isn't going to change any time soon, so you'd best expend your effort fixing your code.

With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
"Science is about questioning the status quo. Questioning authority".
In the absence of evidence, opinion is indistinguishable from prejudice.

RIP Neil Armstrong

In reply to Re^5: Taint mode limitations by BrowserUk
in thread Taint mode limitations by alain_desilets

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.