On Fri, Mar 14, 2008 at 03:32:19AM +1100, Paul Fenwick wrote:

> Jumping exploits Batman! Taint mode magically turns itself on after you've
> fiddled your RUID? That's closing the gate after the exploited horse has
> bolted.

Well, it seems to be something Larry wanted:

http://public.activestate.com/cgi-bin/perlbrowse/b;p=524,2687/mg.c@1528#L

and (as best I can work out that code) it gets turned on automatically
whenever you're not root, and either your user IDs don't match, or your
group IDs don't match.

> The whole reason (IMNSHO) why taint needs -T on the shebang line is because
> perl *needs* to avoid all the nasty things we could be doing in an untrusted
> environment. For example:

in addition to that. I'd infer that it's intended to add taint mode for
people who aren't aware of it, rather than to be any recommended way to
enable taint.

> Having taint enable itself part way through a process means that users may
> think that's a _feature_, and be given a false sense of security. Many of

I'm not convinced on the "false sense of security" part. One could argue
that taint mode itself gives it, as there are ways to subvert it
(accidentally or deliberately), and it's no substitute for thinking.

> | a) Is there a reason why SvTAINTED_on, SvTAINTED_off and SvTAINT check
> | if taint mode is enabled and
>
> I assume it's for speed considerations. If taint mode is off (on the
> assumption that it will never turn on), I imagine we save a great many
> cycles by skipping the unnecessary work.

And memory. Taintedness is stored in magic. Everything gets bigger:

$ perl -MDevel::Peek -e 'Dump $^X'
SV = PV(0x801150) at 0x800960
  REFCNT = 1
  FLAGS = (POK,pPOK)
  PV = 0x2045f0 "perl"\0
  CUR = 4
  LEN = 8
$ perl -T -MDevel::Peek -e 'Dump $^X'
SV = PVMG(0x80b080) at 0x800954
  REFCNT = 1
  FLAGS = (GMG,SMG,pPOK)
  IV = 0
  NV = 0
  PV = 0x204600 "perl"\0
  CUR = 4
  LEN = 8
  MAGIC = 0x204610
    MG_VIRTUAL = &PL_vtbl_taint
    MG_TYPE = PERL_MAGIC_taint(t)
    MG_LEN = 1

Nicholas Clark
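An added example (not code from this thread or from the perl source) that makes the two points above concrete: the not-root, uid-or-gid-mismatch condition under which taint turns itself on, and the fact that a tainted scalar is a PVMG carrying taint magic. It assumes only core modules (Scalar::Util, Devel::Peek); the input is the first argument or, failing that, $ENV{PATH}, both of which perl taints.

```perl
#!/usr/bin/perl
# Added example, not from the thread. Run as:  perl -T taint_demo.pl 42
# and again as:  perl taint_demo.pl 42   to compare.
use strict;
use warnings;
use Scalar::Util qw(tainted);
use Devel::Peek  qw(Dump);

# ${^TAINT}: 1 when taint checks are on, -1 under -t (warn only), 0 when off.
sub taint_state { return ${^TAINT} }

# The condition Nicholas reads out of mg.c: not root, and real/effective
# user or group IDs differ. $< $> are real/effective UID; $( $) start with
# the real/effective GID followed by supplementary groups, hence the split.
sub implicit_taint_condition {
    return 0 if $< == 0;
    my ($rgid) = split ' ', $(;
    my ($egid) = split ' ', $);
    return ( $< != $> || $rgid != $egid ) ? 1 : 0;
}

# Untainting done properly: only an explicit allowlist match clears taint.
sub untaint_digits {
    my ($s) = @_;
    return $s =~ /\A(\d+)\z/ ? $1 : undef;   # accept a pure integer only
}

# The accidental subversion Nicholas alludes to: a catch-all capture clears
# the taint bit without validating anything, so the value is still unchecked.
sub sloppy_untaint { my ($s) = @_; $s =~ /\A(.*)\z/s; return $1 }

my $input = defined $ARGV[0] ? $ARGV[0] : $ENV{PATH};   # both tainted under -T
printf "taint state: %d, implicit-taint condition met: %d\n",
    taint_state(), implicit_taint_condition();
printf "input tainted: %d\n", tainted($input) ? 1 : 0;

my $strict = untaint_digits($input);
printf "strict untaint -> %s\n", defined $strict ? $strict : 'rejected';

my $loose = sloppy_untaint($input);
printf "sloppy untaint tainted? %d (value passed through: '%s')\n",
    tainted($loose) ? 1 : 0, $loose;

# Under -T this is a PVMG with MG_VIRTUAL = &PL_vtbl_taint, as in the Dump
# of $^X above; without -T it stays a plain PV.
Dump($input);
```

Dump writes to stderr, so redirect stdout if you only want the SV layout; the uid/gid check only reports the condition, it does not itself enable taint.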