from my understanding, this is mostly a problem with Taint-checking being clumsy. using <> does not give the input line the ability to modify %foo (unless you eval'd it and then it would taint anything it touches), so the keys other than dirty should stay clean, but they do not. I believe this is an implimentation detail (or bug?) in taint checking that makes all keys in a hash share the same taint-state. Maybe someone with a bit more source knowlege could confirm that ? I will start check source myself, and will post an update if i find anything.

Update : Now i am getting too far into this (Trees? What trees ? i am in a forest !), and have found that normal hashes do not suffer this. So, in Perl 5.6.0 i used :
%ENV = ();
%foo = (
  clean => '/usr/matt/.netrc',
  dirty => (<>),
);

print "$foo{clean}\n";
sleep 1;
print "$foo{dirty}\n";
sleep 2;
system("ls $foo{clean}"); # ok
system("ls $foo{dirty}"); # error

[download]
but failed on a hash ref. ... still looking.


Update Again : Ok, here is an odd one, here is my test code :
$| = 1;
%ENV = ();
%foo = (
  clean => '/usr/matt/.netrc',
  dirty => (<>),
);

$bar = {
  clean => '/usr/matt/.profile',
  dirty => (<>),
};

$and = \%foo;

print "Foo\n";
print "1 : " ; system("echo $foo{clean} > /dev/null 2>&1");
print "2 : " ; system("echo $foo{dirty} > /dev/null 2>&1");

print "Bar\n";
print "1 : " ; system("echo \"$bar\" > /dev/null 2>&1");
print "2 : " ; system("echo $bar->{clean} > /dev/null 2>&1");
print "3 : " ; system("echo $bar->{dirty} > /dev/null 2>&1");

print "And\n";
print "1 : " ; system("echo \"$and\" > /dev/null 2>&1");
print "2 : " ; system("echo $and->{clean} > /dev/null 2>&1");
print "3 : " ; system("echo $and->{dirty} > /dev/null 2>&1");

[download]
And the output is :
%shell > perl -Du -U -T taintme.pl

EXECUTING...

a
^D
b
^D
Foo
1 : system 0 30004 30004
2 : system 1 30004 30004
a
Bar
1 : system 0 30004 30004
2 : system 1 30004 30004
3 : system 1 30004 30004

And
1 : system 0 30004 30004
2 : system 0 30004 30004
3 : system 1 30004 30004
a

[download]
I am now seeing this is something with the anonhash specifically, and assiging a hash-ref to an extsing hash will allow key access. Unsure why.

Update 3: anymore updates and i will create a new node. I added some code to my last test script and got yet another oddity. I added :
$another = +{};
$another->{clean} = '/usr/matt/.kshrc';
$another->{dirty} = (<>);
# and also
print "1 : " ; system("echo \"$another\" > /dev/null 2>&1");
print "2 : " ; system("echo $another->{clean} > /dev/null 2>&1");
print "3 : " ; system("echo $another->{dirty} > /dev/null 2>&1");

[download]
and to my suprise i got :
Another
1 : system 0 30004 30004
2 : system 0 30004 30004
3 : system 1 30004 30004

[download]
... so, now i think it is a bug in how tainting is assigned during the assigment. Maybe it taints everything in the {} block as a group ? thats about all i have at this point. hmmm... looking at perl -Dut -U -T taintme.pl i see that the code is parsed, and not until the end of the block it is decalred a anonymous hash. So, because it could be a code ref (maybe? i'm guessing) the taint covers the whole block. My fix is to assign dirty element seperatly line $another above.

Update (last) : Per CB request , here is the fix fo the code :
Taint bad ...
#!/usr/bin/perl -wT
#
use strict;

my $foo = {
      'clean'         => 'filename.txt',
      'dirty'         => scalar(<>),
};
open(F,"+>{$foo->{clean}}");
close(F);

[download]

... and taint ok ...
#!/usr/bin/perl -wT
#
use strict;

my $foo{clean} = 'filename.txt';
$foo{dirty} = scalar(<>);

open(F,"+>{$foo->{clean}}");
close(F);

[download]
can't sleep clowns will eat me
-- MZSanford

In reply to Re: Re: Re: tainted entangled hashrefs by MZSanford
in thread tainted entangled hashrefs by Boldra

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.