develooper Front page | perl.perl5.porters | Postings from April 2007

Re: Tainted coderefs and other things

Thread Previous | Thread Next
From:
Andy Lester
Date:
April 29, 2007 06:36
Subject:
Re: Tainted coderefs and other things
Message ID:
84BF713B-5533-4771-A5A9-F6DAAE9B7775@petdance.com

On Apr 29, 2007, at 6:46 AM, Ovid wrote:

> Hmm, Leon Brocard just asked me the obvious question:  how would you
> untaint it?  I suspect there is no way to taint coderefs.

Indeed, there is no way to taint any kind of reference.  From perlsec:

    All com-
    mand line arguments, environment variables, locale information  
(see perllocale), results of certain system calls ("readdir()", "read-
    link()", the variable of "shmread()", the messages returned by  
"msgrcv()", the password, gcos and shell fields returned by the  
"getpwxxx()"
    calls), and all file input are marked as "tainted".

There's no way to have a reference that comes from the outside.


--
Andy Lester => andy@petdance.com => www.petdance.com => AIM:petdance





Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About