Re: disable taint for just one sub

I do not think you can disable taint checking, but you can untaint a variable by matching it into a regex, and using $1. So, if you must subvert taint checking, a function like the following would let you untaint the variables you are going to (eventually) use for the bind() call :

sub untaint {
    my (@refs) = @_;
    my $cnt++;
    foreach my $RvSv (@refs) {
        ${$RvSv} =~ m/^.*$/;
        ${$RvSv} = $1;
        $cnt++;
    }
    return($cnt);
}

## use as
$untained_count = untaint(\$a,\$b);
[download]

although, i would suggest actually using the regex to check that the data is valid (be it numeric, string, or whatever) ... thats what taint checking is for, and why the regex works.

remeber the immortal word's of Socrates who said, "I drank what ?"

Comment on Re: disable taint for just one sub Select or Download Code

Replies are listed 'Best First'.
Re: Re: disable taint for just one sub by AidanLee (Chaplain) on Jul 23, 2001 at 19:15 UTC
I believe the problem khippy is running into is using external modules that are not Taint-safe. I do not personally have guidance for him on what to do about this, though one thought is to pester the author to make their module taint-safe, or better yet, offer to help them do this.	[reply]
Re: Re: Re: disable taint for just one sub by John M. Dlugosz (Monsignor) on Jul 24, 2001 at 01:33 UTC
You could instantiate that object in another process by using Windows Script Components.	[reply]
Re: Re: disable taint for just one sub by khippy (Scribe) on Jul 23, 2001 at 18:34 UTC
I am very sorry, but I can't image how to build that code into the following structure of Net::Print: `Use Net::Printer; # Create new Printer Object $lineprinter = new Net::Printer( use Net::Printer; # Create new Printer Object $lineprinter = new Net::Printer( filename=>"/home/jdoe/myfile.txt", printer => "lp", server => "printserver", port => 515, lineconvert => "YES" ); # Print the file $result = $lineprinter->printfile();` [download] I'd appreciate any help concerning that. there are no silly questions killerhippy	[reply] [d/l]
(ichimunki)Re: disable taint for just one sub by ichimunki (Priest) on Jul 23, 2001 at 20:55 UTC
You'll have to figure out where in Net::Printer it is inheriting the tainted data, as it is not from your calls to the Net::Printer methods-- I assume you are untainting things before you use them. Probably Net::Printer is using an environement variable or two. You have then three choices, either set the specific $ENV{key} from within your script, or auto-detaint all $ENV{keys} using the methods shown in the other writeups in this node wrapped in `foreach my $key (keys %ENV) {...}` , or rewrite the module to be taint-safe.	[reply] [d/l]