in reply to Re^4: Insecure dependency in open
in thread Insecure dependency in open

Taint should be used when the caller of the script is different from the person who owns the script. setuid scripts, CGI scripts, etc. should use it. The environment, files, STDIN, command line arguments, etc. are controlled by the caller and cannot be trusted. To allow the user to specify a file name (for example) could allow him to read and/or modify files to which he normally would not have access.

Re^6: Insecure dependency in open
by argv (Pilgrim) on Jan 22, 2007 at 19:21 UTC
    Yes, I know the doc. I'm just asking why STDIN is part of that group, especially for -t STDIN.

      I already explained and I even gave you an example. I don't know what more you want. Give me an idea?

      In the most basic of terms, -T means don't trust the user. The user controls STDIN, so it must not be trusted.
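
The behaviour discussed in this thread, shown as an added example that is not part of any post above: a value read from STDIN is tainted, a write-mode open on it fails with "Insecure dependency in open", and only a value captured by an allow-list regex is accepted. The directory `./taint-demo`, the helper names `untaint_filename` and `append_marker`, and the allow-list pattern are assumptions of this example.

```perl
#!/usr/bin/perl -T
# Run as: perl -T taint_demo.pl   (file names on STDIN, one per line)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Assumption for this example: all output goes under one fixed directory.
my $BASE_DIR = './taint-demo';

# Return an untainted single path component, or undef if the input is rejected.
# Only a regex capture clears the taint flag, so the pattern is an allow-list:
# it cannot match '/', a leading '.', or an empty string.
sub untaint_filename {
    my ($input) = @_;
    return unless defined $input;
    return $input =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/ ? $1 : undef;
}

# Append one line to $dir/$name; returns '' on success, the error text otherwise.
sub append_marker {
    my ($dir, $name) = @_;
    my $ok = eval {
        open(my $fh, '>>', "$dir/$name") or die "open failed: $!\n";
        print {$fh} "written at ", time, "\n";
        close($fh) or die "close failed: $!\n";
        1;
    };
    return $ok ? '' : $@;
}

-d $BASE_DIR or mkdir $BASE_DIR or die "cannot create $BASE_DIR: $!\n";

while (my $line = <STDIN>) {
    chomp $line;
    printf "input %-20s tainted=%d\n", "'$line'", tainted($line) ? 1 : 0;

    # Using the raw STDIN value in a write-mode open is refused under -T.
    my $err = append_marker($BASE_DIR, $line);
    print "  raw:       ", ($err ? "refused: $err" : "opened\n");

    # After validation the same call is permitted, or the name is rejected.
    my $name = untaint_filename($line);
    if (defined $name) {
        $err = append_marker($BASE_DIR, $name);
        print "  validated: ", ($err ? "failed: $err" : "opened $BASE_DIR/$name\n");
    } else {
        print "  validated: rejected by allow-list\n";
    }
}
```

With the constructed input `printf 'notes.txt\n../../etc/passwd\n' | perl -T taint_demo.pl`, both raw values are refused by the taint check; after validation `notes.txt` is opened under `./taint-demo` and the second line is rejected because it contains `/` and starts with a dot.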