in reply to Re^5: Untaint a string match, regular expression.
in thread Untaint a string match, regular expression.

How do people know there isn't one? The default is to assume there is and this is held above hoping there isn't. perlsec has a good indication that it's probably not a good idea. If that's true then what should users turn to?

From what I understand of the three bad things, only two are unaccounted for.

  1. Execution of arbitrary code. Not likely, Perl works to prevent this.
  2. Taking up huge amounts of memory.
  3. Taking longer than time itself to complete.

Re^7: Untaint a string match, regular expression.
by Anonymous Monk on May 18, 2015 at 01:11 UTC

    Taking up huge amounts of memory. Taking longer than time itself to complete.

    That is easy, let the parent monitor the child process and kill it if it breaches time/memory limits... use OS-specific process controls where available (ulimit -a and whatnot)
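
The parent-monitors-child approach from the reply above, as an added example that is not part of the original thread: the untrusted pattern is matched in a forked child that caps its own memory and CPU time, while the parent enforces a wall-clock limit and kills the child if it is breached. `limited_match` is a hypothetical helper; the sketch assumes Linux and the CPAN module BSD::Resource, and the patterns and inputs are constructed samples.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Select;
use POSIX ();
use BSD::Resource;    # CPAN module (assumed installed); provides setrlimit

# Hypothetical helper: match $input against an untrusted $pattern in a child.
# Returns 1 (match), 0 (no match), or undef if the child failed or was killed.
sub limited_match {
    my ($pattern, $input, $timeout, $mem_bytes) = @_;

    pipe(my $rd, my $wr) or die "pipe: $!";
    my $pid = fork();
    die "fork: $!" unless defined $pid;

    if ($pid == 0) {                                   # child
        close $rd;
        # Fail closed: if a limit cannot be set, do not run the pattern.
        setrlimit(RLIMIT_AS,  $mem_bytes, $mem_bytes) or POSIX::_exit(3);
        setrlimit(RLIMIT_CPU, $timeout,   $timeout)   or POSIX::_exit(3);
        # qr// on an interpolated string rejects (?{ ... }) code blocks
        # unless "use re 'eval'" is in effect; syntax errors also die here.
        my $re = eval { qr/$pattern/ };
        POSIX::_exit(2) unless defined $re;
        syswrite $wr, ($input =~ $re ? "1" : "0");
        POSIX::_exit(0);
    }

    close $wr;                                         # parent
    my $answer;
    if (IO::Select->new($rd)->can_read($timeout)) {
        sysread $rd, $answer, 1;                       # 0 bytes if child died
    } else {
        kill 'KILL', $pid;                             # wall-clock limit hit
    }
    close $rd;
    waitpid $pid, 0;                                   # reap the child
    return (defined $answer && length $answer) ? $answer + 0 : undef;
}

# Constructed samples: a simple pattern and a nested-quantifier pattern.
my @tests = (['^\d+$', '12345'], ['^(a|aa)+$', ('a' x 40) . 'b']);
for my $t (@tests) {
    my $r = limited_match(@$t, 2, 256 * 2**20);        # 2 s, 256 MiB
    printf "%-12s => %s\n", $t->[0], defined $r ? $r : 'failed or killed';
}
```

The kill is done from the parent with SIGKILL because Perl's deferred signal handling means an `alarm` handler inside the matching process may not run until the regex op returns.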