develooper Front page | perl.perl5.porters | Postings from April 2008

Re: Taint (PL_tainting, SvTAINTED_on, SvTAINTED_off, SvTAINT)

Thread Previous | Thread Next
Rafael Garcia-Suarez
April 15, 2008 07:01
Re: Taint (PL_tainting, SvTAINTED_on, SvTAINTED_off, SvTAINT)
Message ID:
On 15/04/2008, Paul Fenwick <> wrote:
>  I personally find it chilling to think that taint mode could be turned on
> part-way through a program, where I've potentially already loaded code that
> I didn't want (via PERL5LIB), and all the data I'd like to check (eg, user
> or network input) has already been marked as clean.  I would much rather
> perl leave the taint switch off when changing unix privileges, so ${^TAINT}
> can reliably indicate if we started in taint mode.
>  Perl requires that a program with -T on the shebang line must also be
> started with -T on the command line for this very reason.  I certainly hope
> we're not planning to change that behaviour!

We're not !

>  I still maintain that changing perl's tainting behaviour after it's already
> started is a bug, and breaks the fundamental design principles of taint.


Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About