Re: Taint (PL_tainting, SvTAINTED_on, SvTAINTED_off, SvTAINT)

Paul Fenwick wrote:

> Now let's imagine it's running setuid, and taint-mode is not automatically
> enabled.  I can own your machine with:
> 
>     PERL5LIB=/home/h4x0r/p5lib ./hello.pl
> 
> The contents of /home/h4x0r/p5lib/strict.pm is left as an exercise for the
> reader.

PERL5LIB is ignored when tainting is active.

David

• Taint (PL_tainting, SvTAINTED_on, SvTAINTED_off, SvTAINT) by Bram
• Re: Taint (PL_tainting, SvTAINTED_on, SvTAINTED_off, SvTAINT) by Paul Fenwick
• Re: Taint (PL_tainting, SvTAINTED_on, SvTAINTED_off, SvTAINT) by Nicholas Clark
• Re: Taint (PL_tainting, SvTAINTED_on, SvTAINTED_off, SvTAINT) by Paul Fenwick
• Re: Taint (PL_tainting, SvTAINTED_on, SvTAINTED_off, SvTAINT) by Rafael Garcia-Suarez
• Re: Taint (PL_tainting, SvTAINTED_on, SvTAINTED_off, SvTAINT) by Nicholas Clark
• Re: Taint (PL_tainting, SvTAINTED_on, SvTAINTED_off, SvTAINT) by Nicholas Clark
• Re: Taint (PL_tainting, SvTAINTED_on, SvTAINTED_off, SvTAINT) by Paul Fenwick
• Re: Taint (PL_tainting, SvTAINTED_on, SvTAINTED_off, SvTAINT) by Nicholas Clark
• Re: Taint (PL_tainting, SvTAINTED_on, SvTAINTED_off, SvTAINT) by Paul Fenwick
• Re: Taint (PL_tainting, SvTAINTED_on, SvTAINTED_off, SvTAINT) by David Landgren
• Re: Taint (PL_tainting, SvTAINTED_on, SvTAINTED_off, SvTAINT) by Paul Fenwick
• Re: Taint (PL_tainting, SvTAINTED_on, SvTAINTED_off, SvTAINT) by Rick Delaney
• Re: Taint (PL_tainting, SvTAINTED_on, SvTAINTED_off, SvTAINT) by Paul Szabo