develooper Front page | perl.perl5.porters | Postings from October 1999

Re: printf is tainted!?

Thread Previous | Thread Next
From:
Gurusamy Sarathy
Date:
October 23, 1999 18:22
Subject:
Re: printf is tainted!?
Message ID:
199910240127.SAA13835@activestate.com
On Sat, 23 Oct 1999 16:53:05 MDT, Tom Christiansen wrote:
>I read this in perlfunc:
>
>   To cope with broken systems that allow the standard locales to
>   be overridden by malicious users, the return value may be tainted
>   if any of the floating point formats are used and the conversion
>   yields something that doesn't look like a normal C-locale floating
>   point number.  This happens regardless of whether `use locale' is in
>   effect or not.
>
>Let us imagine that this is astonishing but true.  Shouldn't it be
>in perlsec?  And shouldn't it be in perldelta?

I don't really think the tainting behavior makes much sense.  See
the thread starting at:

http://www.xray.mpe.mpg.de/mailing-lists/perl5-porters/1999-09/msg00736.html


Sarathy
gsar@ActiveState.com

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About