in reply to taint problems in utf8_heavy

Maybe the insecure dependency is not a tainted $file, but something else. For instance, @INC is used by do and require.

Has @INC eventually been pushed a tainted variable, somewhere?

--shmem 

_($_=" "x(1<<5)."?\n".q·/)Oo.  G°\        /
                              /\_¯/(q    /
----------------------------  \__(m.====·.(_("always off the crowd"))."·
");sub _{s./.($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e.e && print}

Replies are listed 'Best First'.
Re^2: taint problems in utf8_heavy
by duckyd (Hermit) on Aug 23, 2006 at 23:17 UTC
    I'd suspect that it's not $file that's the issue, but rather the contents of the file. do $file will execute whatever code is in the file, and it's awfully hard to be sure there's not something malicious in there.
[reply]
[d/l]
[select]

In Section Seekers of Perl Wisdom