develooper Front page | perl.perl5.porters | Postings from April 2007

Re: Tainted coderefs and other things

Thread Previous | Thread Next
Andy Lester
April 29, 2007 06:36
Re: Tainted coderefs and other things
Message ID:

On Apr 29, 2007, at 6:46 AM, Ovid wrote:

> Hmm, Leon Brocard just asked me the obvious question:  how would you
> untaint it?  I suspect there is no way to taint coderefs.

Indeed, there is no way to taint any kind of reference.  From perlsec:

    All com-
    mand line arguments, environment variables, locale information  
(see perllocale), results of certain system calls ("readdir()", "read-
    link()", the variable of "shmread()", the messages returned by  
"msgrcv()", the password, gcos and shell fields returned by the  
    calls), and all file input are marked as "tainted".

There's no way to have a reference that comes from the outside.

Andy Lester => => => AIM:petdance

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About