develooper Front page | perl.perl5.porters | Postings from December 2001

Taint check dynamic method calls and symbolic refs?

Michael G Schwern
December 29, 2001 13:43
Just caught this conversation on #perl.

<sadMerlyn> the SOAP::Lite bug is detailed at 
<sadMerlyn> basically, any use of SOAP::Lite trusts the method names, and 
            can be used to execute arbitrary subroutines with arbitrary 
<lathos> Oh dear.
<sadMerlyn> the author didn't know that $a = "Foo::Bar", $b->$a(@x) 
            invokes Foo::Bar
<sadMerlyn> thought it could only execute $b methods, apparently
<sadMerlyn> and taint mode didn't help

Which raises the question, why didn't taint mode help?

So would it be a good idea to make $obj->$tainted(@args) a taint
violation along with $tainted->(@args) and basically any other use of
a tainted variable as a symbolic reference?  Seems Ripe For Evil.


Michael G. Schwern
Perl Quality Assurance	    Kwalitee Is Job One
Our business in life is not to succeed but to continue to fail in high spirits.
		-- Robert Louis Stevenson
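
The dispatch behaviour described in the IRC excerpt above, as an added Perl example that is not part of the original post or of SOAP::Lite: a fully qualified name in `$obj->$name(@args)` reaches a sub outside the object's class, and an allowlist-based dispatcher refuses it. The packages `My::Service` and `Other::Pkg` and both dispatcher subs are hypothetical names constructed for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample: a service class exposing one method, and an unrelated
# package whose sub must never be reachable through the service object.
package My::Service;
sub new  { return bless {}, shift }
sub echo { my ($self, @args) = @_; return "echo: @args" }

package Other::Pkg;
sub internal {
    my ($invocant, @args) = @_;
    return "Other::Pkg::internal ran, invocant is a " . ref($invocant);
}

package main;

# Unsafe dispatch: the method name is used exactly as received. A name that
# contains "::" is looked up in the named package, not in the object's class.
sub dispatch_unsafe {
    my ($obj, $name, @args) = @_;
    return $obj->$name(@args);
}

# Hardened dispatch: the name must be a plain identifier (no "::" or "'"
# package separators) and must be on an explicit allowlist of exposed methods.
my %ALLOWED = map { $_ => 1 } qw(echo);

sub dispatch_safe {
    my ($obj, $name, @args) = @_;
    die "method name rejected\n"
        unless defined $name
            && $name =~ /\A[A-Za-z_][A-Za-z0-9_]*\z/
            && $ALLOWED{$name};
    my $code = $obj->can($name) or die "no such method\n";
    return $obj->$code(@args);
}

my $svc = My::Service->new;
print dispatch_unsafe($svc, 'echo', 'hi'), "\n";
print dispatch_unsafe($svc, 'Other::Pkg::internal', 'hi'), "\n";
print dispatch_safe($svc, 'echo', 'hi'), "\n";

my $result = eval { dispatch_safe($svc, 'Other::Pkg::internal', 'hi') };
print defined $result ? "$result\n" : "blocked: $@";
```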
