Re^2: use taint

hmm, the way I read the docs suggest that use re 'taint'; does not enable global taint mode as perl -[Tt] does; if it is active, the regex-engines memory vars (and match-operators return values in list context) will be tainted if the input thats matched against was tainted -- no re 'taint'; is used to disable these effects for certain code blocks.

AFAI understand this, the purpose of this module is to tighten security in taint-mode a bit – you can only untaint data in blocks in which no re 'tain' is active...

regards,
tomte

An intellectual is someone whose mind watches itself.
-- Albert Camus

Comment on Re^2: use taint Select or Download Code

Replies are listed 'Best First'.
Re^3: use taint by hardburn (Abbot) on Jun 23, 2004 at 12:35 UTC
Right, `use re 'taint';` doesn't appear to do anything useful: `$ perl -e 'use re "taint"; open FH, pop; close FH;' ">somefile" $ perl -T -e 'open FH, pop; close FH;' ">somefile" Insecure dependency in open while running with -T switch at -e line 1. $ perl -v This is perl, v5.8.2 built for i686-linux . . .` [download] It's purpose is basically so you can have the orthagonal operation, `no re 'taint';`, which is useful (sort of . . . ). ---- send money to your kernel via the boot loader.. This and more wisdom available from Markov Hardburn.	[reply] [d/l] [select]

Replies are listed 'Best First'.

Re^3: use taint
by hardburn (Abbot) on Jun 23, 2004 at 12:35 UTC

Right, use re 'taint'; doesn't appear to do anything useful:

$ perl -e 'use re "taint"; open FH, pop; close FH;' ">somefile"
$ perl -T -e 'open FH, pop; close FH;' ">somefile"
Insecure dependency in open while running with -T switch at -e line 1.
$ perl -v

This is perl, v5.8.2 built for i686-linux
 . . .
[download]

It's purpose is basically so you can have the orthagonal operation, no re 'taint';, which is useful (sort of . . . ).

----
send money to your kernel via the boot loader.. This and more wisdom available from Markov Hardburn.

[reply]
[d/l]
[select]