the checking involves things like the run-time environment and when I say environment, I mean things like permissions on directories &/or files that your script accesses, having potentially unsafe directories on your path etc.
perl does none of those things. Tainting doesn't cause Perl to check anything but the taint flag on Perl values.
then the script failed taint checking becuase the whole world & his uncle could potentially overwrite the accessed binary.
Not at all.
$ cat child #!/usr/bin/perl print("child\n"); $ ls -l child -rwxrwxrwx 1 ikegami group 34 2008-12-13 08:15 child $ perl -T -e'%ENV=(); system("./child") and die("error: $?")' child
Now, the system won't let me run a world-writable setuid program, but that has nothing to do with Perl.
$ chmod a+s child $ perl -T -e'%ENV=(); system("./child") and die("error: $?")' Setuid/gid script is writable by world. error: 6400 at -e line 1.
In reply to Re^2: Doubt in perl taint
by ikegami
in thread Doubt in perl taint
by lakshmananindia
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |