develooper Front page | perl.perl5.porters | Postings from October 2003

Re: [perl #24291] Taint checking against the wrong environment

Thread Previous | Thread Next
October 26, 2003 15:33
Re: [perl #24291] Taint checking against the wrong environment
Message ID:
In article <20031027002524.7b444942.rgarciasuarez@_ree._r>,
	Rafael Garcia-Suarez <> writes:
> Maybe do nothing and let people shoot in their feet.
> Maybe just forbid aliasing *ENV at all. (with the collateral damage
> on $ENV etc.) (or couldn't this chained alias thing be solved
> by looking at the GvEGV ?)

Crashing, dieing, compile erors  etc. are all solutions (though
certainly not my preferred solutions), but doing nothing isn't
acceptable since it's a potential security hole.

(my expectation and preferred solution was already mentioned in my
previous message)

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About