perl.perl5.porters | Postings from April 2008

Re: Taint (PL_tainting, SvTAINTED_on, SvTAINTED_off, SvTAINT)

From: Rafael Garcia-Suarez
Date: April 15, 2008 07:01
Subject: Re: Taint (PL_tainting, SvTAINTED_on, SvTAINTED_off, SvTAINT)
Message ID: b77c1dce0804150701v53f921c3kb06585f7adf2ec7@mail.gmail.com

On 15/04/2008, Paul Fenwick <pjf@perltraining.com.au> wrote:
>  I personally find it chilling to think that taint mode could be turned on
> part-way through a program, where I've potentially already loaded code that
> I didn't want (via PERL5LIB), and all the data I'd like to check (eg, user
> or network input) has already been marked as clean.  I would much rather
> perl leave the taint switch off when changing unix privileges, so ${^TAINT}
> can reliably indicate if we started in taint mode.
>
>  Perl requires that a program with -T on the shebang line must also be
> started with -T on the command line for this very reason.  I certainly hope
> we're not planning to change that behaviour!

We're not!

>  I still maintain that changing perl's tainting behaviour after it's already
> started is a bug, and breaks the fundamental design principles of taint.

Ditto.
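
An added example, not part of the original thread and not code from perl itself: a script that treats `${^TAINT}` as the startup indicator discussed above and refuses to run unless taint mode was on from the beginning. The helper name `untaint_username`, the username pattern and the sample value are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example: fail closed unless the interpreter *started* in taint mode.

BEGIN {
    # ${^TAINT} is read-only: 1 under -T, -1 under -t (warnings only), 0 when off.
    # The check sits in the first BEGIN block so it runs before any later
    # "use" line loads a module.
    die "refusing to run: taint mode was not enabled at startup (need -T)\n"
        unless ${^TAINT} == 1;
}

use strict;
use warnings;
use Scalar::Util qw(tainted);

# Hypothetical helper: accept only a conservative username and return the
# captured (and therefore untainted) copy; return nothing on a mismatch.
sub untaint_username {
    my ($raw) = @_;
    return unless defined $raw;
    return unless $raw =~ /\A([a-z][a-z0-9_]{0,31})\z/;
    return $1;
}

# Command-line arguments are tainted under -T; the fallback literal is a
# constructed sample value and is not tainted.
my $input = @ARGV ? $ARGV[0] : 'alice';
printf "input is %s\n", tainted($input) ? 'tainted' : 'not tainted';

my $user = untaint_username($input);
die "rejected input: not a valid username\n" unless defined $user;
printf "validated copy is %s\n", tainted($user) ? 'tainted' : 'not tainted';
```

Run it as `perl -T script.pl name` or execute it directly through the shebang line; started as plain `perl script.pl`, perl itself stops with the "-T is on the #! line" error described in the quoted message.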
