It is, however, significantly better than nothing, esp. if used properly. Specifically, you should "use Taint" before even looking at possibly tainted data, as far as you can get away with it. If it's the second line in your file (after the shebang), that's a very small window to mess things up. Additionally, unless you advertise it (such as by using CGI::Carp :fatalsToBrowser), they won't know you're using the Taint module, and thus not design their crack to account for it. Essentially, the only attack left is to try to mess up PERL5LIB (or possibly PATH with a tainted perl binary) before perl is invoked. It's not a bullet-proof vest, just bullet-resistant. Still better than nothing. (The /best/ thing to do would be to have die "INVOKED WITHOUT TAINT!" unless ${^TAINT} directly as the second line of your script.)
PS -- does anybody know what ${^TAINT} is set to in "baby taint mode" (i.e. -t, warn-on-taint-violation mode)? I'm running 5.6.1, which doesn't support either. It might be possible to fake out ${^TAINT} checking with -t.
Warning: Unless otherwise stated, code is untested. Do not use without understanding. Code is posted in the hopes it is useful, but without warranty. All copyrights are relinquished into the public domain unless otherwise stated. I am not an angel. I am capable of error, and err on a fairly regular basis. If I made a mistake, please let me know (such as by replying to this node).
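The pattern the reply describes (fail at startup unless taint mode is really on, then whitelist-untaint input before it reaches anything that touches the outside world), as an added example; this is not the poster's code. It goes one step beyond the reply: ${^TAINT} is 1 under -T, -1 under -t and 0 otherwise (per perlvar, 5.8 onward), so the startup check compares against 1 instead of testing for truth, which closes the -t hole the PS asks about. The sample parameter values and the /bin/echo call are constructed for the demonstration.

```perl
#!/usr/bin/perl -T
# Fail closed before anything else compiles if taint mode is not actually on.
# ${^TAINT} is 1 under -T, -1 under -t (warn-only), 0 otherwise, so test for 1
# rather than for truth: a plain "unless ${^TAINT}" would also accept -t.
BEGIN { die "INVOKED WITHOUT TAINT!\n" unless ${^TAINT} == 1 }

use strict;
use warnings;
use Scalar::Util qw(tainted);

# Grab a zero-length tainted string before cleaning %ENV, so the constructed
# sample input below carries the taint flag exactly like real external data.
my $TAINT = substr(join('', values %ENV), 0, 0);

# Under -T every %ENV value is tainted: set PATH explicitly and drop the
# shell-influencing variables before any system(), exec(), backticks or pipe open.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Untaint by whitelist. Only a regex capture clears the taint flag, so the
# pattern must describe what is acceptable, never what is forbidden.
# Returns the clean value, or undef when the input does not fit the whitelist.
sub untaint_filename {
    my ($raw) = @_;
    # First character must be a word character, which also rules out "." and ".."
    # and anything starting with "-" (option-looking names).
    return unless defined $raw && $raw =~ /\A(\w[\w.-]{0,63})\z/;
    return $1;
}

# Constructed sample inputs (hypothetical CGI parameter values), marked tainted.
my @samples = (
    'report.txt'        . $TAINT,
    '../../etc/passwd'  . $TAINT,
    'list;rm -rf /'     . $TAINT,
);

for my $raw (@samples) {
    my $clean = untaint_filename($raw);
    printf "%-20s tainted=%d -> %s\n",
        $raw, tainted($raw) ? 1 : 0,
        defined $clean
            ? sprintf("accepted '%s' (tainted=%d)", $clean, tainted($clean) ? 1 : 0)
            : "rejected";
}

# What the runtime does if tainted data reaches a dangerous operation anyway:
# perl dies with "Insecure dependency in system while running with -T switch".
eval { system('/bin/echo', $samples[1]); 1 }
    or print "system() refused tainted argument: $@";
```

Run it as `perl -T script.pl` or directly via the shebang; invoking it as `perl script.pl` with -T only on the shebang line aborts with "Too late for -T", which is itself a useful fail-closed behaviour. The BEGIN block runs at compile time, so the check fires before any later `use` line is even compiled, matching the "second line of the file" advice above.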