in reply to use taint

It's under the re pragma (which alters regular expression behavior, which is more or less what taint mode is). However, AFAIK, saying use re 'taint'; has no effect. It's mostly there so you can say no re 'taint'; to shut off taint mode for a given lexical scope.

----
send money to your kernel via the boot loader.. This and more wisdom available from Markov Hardburn.

Re^2: use taint
by Tomte (Priest) on Jun 23, 2004 at 09:02 UTC

    hmm, the way I read the docs suggests that use re 'taint'; does not enable global taint mode as perl -[Tt] does; if it is active, the regex engine's memory vars (and the match operator's return values in list context) will be tainted if the input that's matched against was tainted -- no re 'taint'; is used to disable these effects for certain code blocks.

    AFAI understand this, the purpose of this module is to tighten security in taint-mode a bit – you can only untaint data in blocks in which no re 'taint' is active...

    regards,
    tomte


    An intellectual is someone whose mind watches itself.
    -- Albert Camus

      Right, use re 'taint'; doesn't appear to do anything useful:

      $ perl -e 'use re "taint"; open FH, pop; close FH;' ">somefile"
      $ perl -T -e 'open FH, pop; close FH;' ">somefile"
      Insecure dependency in open while running with -T switch at -e line 1.
      $ perl -v
      This is perl, v5.8.2 built for i686-linux
      . . .

      Its purpose is basically so you can have the orthogonal operation, no re 'taint';, which is useful (sort of . . . ).

      ----
      send money to your kernel via the boot loader.. This and more wisdom available from Markov Hardburn.
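
The behavior described in the re documentation that Tomte refers to, as an added example that is not part of any post in this thread: under -T, it compares a regex capture in the default state, inside use re 'taint';, and inside a nested no re 'taint'; block. The sample input, the pattern and the helper name status are constructed for illustration.

```perl
#!/usr/bin/perl -T
# Run as: perl -T script.pl   (the pragma only matters when taint mode is on)
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "taint mode is off; run with perl -T\n" unless ${^TAINT};

# Constructed sample input. Appending a zero-length slice of tainted data
# ($0 and $^X are tainted under -T) taints the whole string, so it behaves
# like a value read from the user.
my $input = "report-2004.txt" . substr("$0$^X", 0, 0);

# Hypothetical helper: report the taint state of a scalar.
sub status { tainted($_[0]) ? "tainted" : "clean" }

# Allow-list pattern: word characters, dots and dashes only.
my $safe_name = qr/^([\w.-]+)$/;

printf "%-28s %s\n", "input:", status($input);

# Default under -T: a capture from a tainted string comes back untainted.
# This is the normal way to launder validated input.
{
    my ($name) = $input =~ $safe_name;
    printf "%-28s %s\n", "capture, default:", status($name);
}

# Inside use re 'taint', captures (and the list-context return value of the
# match) keep the taint of the string they were matched against.
{
    use re 'taint';
    my ($name) = $input =~ $safe_name;
    printf "%-28s %s\n", "capture, use re 'taint':", status($name);

    # A nested no re 'taint' restores the untainting behavior for the one
    # block where validated data is meant to be released.
    {
        no re 'taint';
        my ($ok) = $input =~ $safe_name;
        printf "%-28s %s\n", "capture, no re 'taint':", status($ok);
    }
}
```

Without -T nothing is tainted to begin with, which is why the script refuses to run in that case.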