[perl #39733] $AUTOLOAD is never tainted

Front page | perl.perl5.porters | Postings from July 2006

[perl #39733] $AUTOLOAD is never tainted

Thread Next

From:

Rick Delaney

Date:

July 6, 2006 00:54

Subject:

[perl #39733] $AUTOLOAD is never tainted

# New Ticket Created by  Rick Delaney 
# Please include the string:  [perl #39733]
# in the subject line of all future correspondence about this issue. 
# <URL: http://rt.perl.org/rt3/Ticket/Display.html?id=39733 >



This is a bug report for perl from rick@bort.ca,
generated with the help of perlbug 1.35 running under perl v5.8.8.


-----------------------------------------------------------------
$AUTOLOAD appears to be unable to be tainted.  This can be a 
problem in a script like the following which should die the 
same way on any input, but doesn't.

rick@biff:~/perl[33]% cat taintbug.pl                        
#!/usr/bin/perl -T

$m = shift;
main->$m;

sub ok { kill 0, $m }
sub AUTOLOAD { kill 0, $AUTOLOAD }
rick@biff:~/perl[34]% perl -T taintbug.pl ok
Insecure dependency in kill while running with -T switch at taintbug.pl line 6.
rick@biff:~/perl[35]% perl -T taintbug.pl not ok
rick@biff:~/perl[36]%



-----------------------------------------------------------------
---
Flags:
    category=core
    severity=high
---
Site configuration information for perl v5.8.8:

Configured by Debian Project at Thu Apr  6 00:35:33 UTC 2006.

Summary of my perl5 (revision 5 version 8 subversion 8) configuration:
  Platform:
    osname=linux, osvers=2.6.16-1-vserver-amd64-k8, archname=x86_64-linux-gnu-thread-multi
    uname='linux athlon 2.6.16-1-vserver-amd64-k8 #2 smp wed mar 29 05:33:03 utc 2006 x86_64 gnulinux '
    config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN -Dcccdlflags=-fPIC -Darchname=x86_64-linux-gnu -Dprefix=/usr -Dprivlib=/usr/share/perl/5.8 -Darchlib=/usr/lib/perl/5.8 -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local -Dsitelib=/usr/local/share/perl/5.8.8 -Dsitearch=/usr/local/lib/perl/5.8.8 -Dman1dir=/usr/share/man/man1 -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1 -Dsiteman3dir=/usr/local/man/man3 -Dman1ext=1 -Dman3ext=3perl -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Uusesfio -Uusenm -Duseshrplib -Dlibperl=libperl.so.5.8.8 -Dd_dosuid -des'
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=define use5005threads=undef useithreads=define usemultiplicity=define
    useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
    use64bitint=define use64bitall=define uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBIAN -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize='-O2',
    cppflags='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBIAN -fno-strict-aliasing -pipe -I/usr/local/include'
    ccversion='', gccversion='4.0.3 (Debian 4.0.3-1)', gccosandvers=''
    intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
    ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=8, prototype=define
  Linker and Libraries:
    ld='cc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib
    libs=-lgdbm -lgdbm_compat -ldb -ldl -lm -lpthread -lc -lcrypt
    perllibs=-ldl -lm -lpthread -lc -lcrypt
    libc=/lib/libc-2.3.6.so, so=so, useshrplib=true, libperl=libperl.so.5.8.8
    gnulibc_version='2.3.6'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
    cccdlflags='-fPIC', lddlflags='-shared -L/usr/local/lib'

Locally applied patches:
    

---
@INC for perl v5.8.8:
    /etc/perl
    /usr/local/lib/perl/5.8.8
    /usr/local/share/perl/5.8.8
    /usr/lib/perl5
    /usr/share/perl5
    /usr/lib/perl/5.8
    /usr/share/perl/5.8
    /usr/local/lib/site_perl
    /usr/local/lib/perl/5.8.7
    /usr/local/share/perl/5.8.7
    /usr/local/lib/perl/5.8.4
    /usr/local/share/perl/5.8.4
    .

---
Environment for perl v5.8.8:
    HOME=/home/rick
    LANG=en_US
    LANGUAGE=en_CA:en_US:en_GB:en
    LC_COLLATE=C
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/home/rick/bin
    PERL_BADLANG (unset)
    SHELL=/bin/zsh

Thread Next

[perl #39733] $AUTOLOAD is never tainted by Rick Delaney

[PATCH blead] Re: [perl #39733] $AUTOLOAD is never tainted by Rick Delaney

Re: [PATCH blead] Re: [perl #39733] $AUTOLOAD is never tainted by Rafael Garcia-Suarez
Re: [PATCH blead] Re: [perl #39733] $AUTOLOAD is never tainted by hv

Re: [PATCH blead] Re: [perl #39733] $AUTOLOAD is never tainted by Rick Delaney

Re: [PATCH blead] Re: [perl #39733] $AUTOLOAD is never tainted by hv

nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About