Re: [BUG] taint seeps

Front page | perl.perl5.porters | Postings from October 1999

Thread Previous | Thread Next

From:

M.J.T. Guy

Date:

October 26, 1999 05:58

Subject:

Re: [BUG] taint seeps

Message ID:

E11g6B4-0007lP-00@taurus.cus.cam.ac.uk

Hugo <hv@crypt.compulink.co.uk> wrote
   [ about the leaking of taintedness ]

I had always understood this as a feature, because Perl only does
a very limited data flow analysis.    Specifically, once a tainted
value has been encountered within an expression, all subsequent values
generated in the expression are assumed to be tainted.

Doing anything more complicated would be very expensive  -  presumably
there'd have to be a separate taint flag for each subexpression or
something.

And this _is_ documented, even if obliquely, in perlsec:

                                               Any variable set
to a value derived from tainted data will itself be tainted,
even if it is logically impossible for the tainted data
to alter the variable.


Mike Guy

Thread Previous | Thread Next

[BUG] taint seeps by Hugo

Re: [BUG] taint seeps by M.J.T. Guy

Re: [BUG] taint seeps by Hugo

Re: [BUG] taint seeps by M.J.T. Guy

Smoke 18843 linux 2.4.18-bf2.4 /home/abigail/Src/perl-5.9.0 by abigail

nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About