The link you shared earlier stated:
By default, Perl automatically enables a set of special security checks, called taint mode, when it detects its program running with differing real and effective user or group IDs.
But, lest one think that this were the only criterion upon which taint would be invoked, look a little further down in that documentation and we see...
Support for taint checks adds an overhead to all Perl programs, whether or not you're using the taint features. Perl 5.18 introduced C preprocessor symbols that can be used to disable the taint features....and this is followed by some itemization of things that are not checked by default for taintedness, implying everything else is.
To my logical mind, those two statements don't quite add up. Why does taint need to have special ways of being disabled if it were not first engaged? If taint checks can be done on an explicit, variable basis, why the need to have special tools to disengage it?
Thus, I find the documentation to be ambiguous. Perhaps someone could help to rewrite that portion of the documentation to make clear exactly how much taint checking is made mandatory, and by which versions of Perl. A table would be nice. I like tables.
Blessings,
~Polyglot~
In reply to Re^7: How to disable taint checking by Perl?
by Polyglot
in thread How to disable taint checking by Perl?
by dissident
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |