develooper Front page | perl.perl5.porters | Postings from October 1999

Re: [BUG] taint seeps

Thread Previous | Thread Next
From:
M.J.T. Guy
Date:
October 26, 1999 05:58
Subject:
Re: [BUG] taint seeps
Message ID:
E11g6B4-0007lP-00@taurus.cus.cam.ac.uk
Hugo <hv@crypt.compulink.co.uk> wrote
   [ about the leaking of taintedness ]

I had always understood this as a feature, because Perl only does
a very limited data flow analysis.    Specifically, once a tainted
value has been encountered within an expression, all subsequent values
generated in the expression are assumed to be tainted.

Doing anything more complicated would be very expensive  -  presumably
there'd have to be a separate taint flag for each subexpression or
something.

And this _is_ documented, even if obliquely, in perlsec:

                                               Any variable set
to a value derived from tainted data will itself be tainted,
even if it is logically impossible for the tainted data
to alter the variable.


Mike Guy

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About