[perl #68600] Tainting $! breaks the string part of its magic in 5.8.9 and later

Front page | perl.perl5.porters | Postings from August 2009

[perl #68600] Tainting $! breaks the string part of its magic in 5.8.9 and later

From:

David Taylor

Date:

August 18, 2009 04:03

Subject:

[perl #68600] Tainting $! breaks the string part of its magic in 5.8.9 and later

Message ID:

rt-3.6.HEAD-2466-1250516596-258.68600-75-0@perl.org

# New Ticket Created by  David Taylor 
# Please include the string:  [perl #68600]
# in the subject line of all future correspondence about this issue. 
# <URL: http://rt.perl.org/rt3/Ticket/Display.html?id=68600 >


If a tainted value is assigned to $!, subsequent $! reads return the
numeric errno in both string and number contexts, until the taint
magic is removed from $! by assigning something untainted to it.

# without -T
$ perl -e '$! = substr("0".join("", %ENV), 0, 1); open my $f, "<",
"..."; print "$!\n"'
No such file or directory

# same thing with -T
$ perl -Te '$! = substr("0".join("", %ENV), 0, 1); open my $f, "<",
"..."; print "$!\n"'
2

Observed in Perls 5.8.9, 5.10.0, 5.10.1-RC1.  5.8.8 and earlier are
not effected.

[perl #68600] Tainting $! breaks the string part of its magic in 5.8.9 and later by David Taylor

nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About