All documentation about taint explains that "taint" mode may be enabled by using the switch -T on the perl commandline. Fair enough. Easy enough.
Some documentation then goes on to say that enabling of taint must happen as near the beginning of the script as possible to prevent access to tainted data - such as PERL5LIB and PERLLIB and so on. Ok - that is logical and reasonable.
My first question is:
Is there a way to enable taint during Runtime? Essentially can I enforce limits at a later point in time like I might do with a BSD resource (granted that once the limit is put in place it cannot be removed) ?
My guess is that the answer is "No," not without some XS that sets flags in the internals. Most likely there is something setup different in the interpreter which handles dangerous calls differently and this is probably done at program initialization.
Which kind of leads to the second question:
Is there a sane variable that I can check to see if taint is enabled?
Again, from the documentation I've read the answer seems to be "No," not without some XS that checks the internal flags. I know that it is possible to determine if taint is on by "probing the fence" (by generating tainted data and then eval{}ing it with a dangerous call - which is what the Taint modules generally do). There must be a flag somewhere that is set. I'm just wondering if that flag is visible.
I can think of many reasons why what I'm asking for is bad. Any reason I could think for wanting to do so could probably be easily countered with a reason why I should not. Read any the documentation and you can discern reasons why you wouldn't want to be able to do this in normal circumstances.
The common responses could be "Why wouldn't you just enable taint from the beginning - if you need it at the end you should have it at the beginning" and "Why do you need to check if taint is on - if you need to check if taint is on you should've been checking your data all along anyway in which case you'll be safe." These are good and valid responses and are certainly welcome.
But I am not as much interested in "Why you shouldn't" do these things, as I am interested in "Can you." My guess is, if the answer is "You cannot" then the reason is/was "Because you should not."
An answer of "You cannot" seems odd to me though. Perl doesn't normally keep you from doing dangerous things, even though they are dangerous.
PS - I don't have an example in mind. I'm just testing possibilities.
Update:
P.PS - The following is one way - but it is ugly. I'd much rather prefer something that I could call without re-execing (plus there is the problem of getting back to the same place in the script). Speaking of which, if I can do this, then any argument for preventing me from doing it from within the code sort of becomes mute:
exec('perl', "-Mlib=$ENV{PERL5LIB}", '-T', $0, '--taint_exec', @ARGV);
my @a=qw(random brilliant braindead); print $a[rand(@a)];
Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
Read Where should I post X? if you're not absolutely sure you're posting in the right place.
Please read these before you post! —
Posts may use any of the Perl Monks Approved HTML tags:
- a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
| |
For: |
|
Use: |
| & | | & |
| < | | < |
| > | | > |
| [ | | [ |
| ] | | ] |
Link using PerlMonks shortcuts! What shortcuts can I use for linking?
See Writeup Formatting Tips and other pages linked from there for more info.