Re^2: When not to use taint mode

you might like to verify that it works flawlessly in taint mode

Understanding how to use taint mode and practically doing so are high on my todo list.
Once I am clear about that, I shall test the only module I have on CPAN.

Just to check my understanding - because taint mode is turned on when Perl is called, turning it on for the script will turn it on for everything including every module that is used by the script. Is that correct?

Comment on Re^2: When not to use taint mode

Replies are listed 'Best First'.
Re^3: When not to use taint mode by hippo (Archbishop) on Jun 14, 2021 at 12:44 UTC
turning it on for the script will turn it on for everything including every module that is used by the script. Is that correct? Correct. eg: `$ cat ptt.pl use strict; use warnings; use Path::Tiny; path ($ARGV[0])->spew (@ARGV); $ perl -T ptt.pl foo Insecure dependency in sysopen while running with -T switch at /usr/sh +are/perl5/vendor_perl/Path/Tiny.pm line 830. $` [download] It would be of rather limited use otherwise. 🦛	[reply] [d/l]

Replies are listed 'Best First'.

Re^3: When not to use taint mode
by hippo (Archbishop) on Jun 14, 2021 at 12:44 UTC

turning it on for the script will turn it on for everything including every module that is used by the script. Is that correct?

Correct. eg:

$ cat ptt.pl 
use strict;
use warnings;
use Path::Tiny;

path ($ARGV[0])->spew (@ARGV);
$ perl -T ptt.pl foo
Insecure dependency in sysopen while running with -T switch at /usr/sh
+are/perl5/vendor_perl/Path/Tiny.pm line 830.
$
[download]

It would be of rather limited use otherwise.

🦛

[reply]
[d/l]