Re: disabling runtime taint

From: Dave Mitchell
Date: April 11, 2010 16:01
Subject: Re: disabling runtime taint
Message ID: 20100411230054.GG3792@iabyn.com

On Mon, Mar 29, 2010 at 01:17:59PM +0100, Dave Mitchell wrote:
> In this thread from 2008:
> 
> http://groups.google.ca/group/perl.perl5.porters/browse_thread/thread/5c181925c0397071/fd5e8b57bed7eaa7
> 
> there was (I think) a general consensus reached that perl's automatic
> turning on of tainting in mid execution when assigning to $<, $>, $( or $),
> was a design flaw and should be removed.
> 
> If no one objects, I'll do this post 5.12.

Now done in davem/post-5.12:

If someone could give it a quick eyeball to make sure I haven't done
anything silly.

I'll add something to the perldelta later.

commit 11035fcf28d4d5fe35c7f6719dbd07b704a8f266
Author:     David Mitchell <davem@iabyn.com>
AuthorDate: Sun Apr 11 23:45:29 2010 +0100
Commit:     David Mitchell <davem@iabyn.com>
CommitDate: Sun Apr 11 23:58:11 2010 +0100

    remove 'enable taint if modify gid/uid' feature
    
    If at runtime you modify any of the id variables $<, $>, $(, $),
    such that the id and effective id differ, perl used to enable tainting,
    even if -T wasn't specified at startup.
    
    This commit removes that feature. See
    
        http://www.xray.mpe.mpg.de/mailing-lists/perl5-porters/2010-03/mail9.html
        RT #67260


Affected files ...
    
    M	mg.c

Differences ...

diff --git a/mg.c b/mg.c
index 39d608b..3fb8ec4 100644
--- a/mg.c
+++ b/mg.c
@@ -2645,7 +2645,6 @@ Perl_magic_set(pTHX_ SV *sv, MAGIC *mg)
 #endif
 #endif
 	PL_uid = PerlProc_getuid();
-	PL_tainting |= (PL_uid && (PL_euid != PL_uid || PL_egid != PL_gid));
 	break;
     case '>':
 	PL_euid = SvIV(sv);
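Review bot: the removal in the real-uid case (the one ending in `PL_uid = PerlProc_getuid();`) lands without a test; the affected-files list shows only mg.c. A regression test that assigns to `$<` so that the real and effective ids differ, then checks that `${^TAINT}` is still 0 when perl was started without -T, would pin the new behaviour. It would need to skip when the process is not allowed to change its ids.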
@@ -2672,7 +2671,6 @@ Perl_magic_set(pTHX_ SV *sv, MAGIC *mg)
 #endif
 #endif
 	PL_euid = PerlProc_geteuid();
-	PL_tainting |= (PL_uid && (PL_euid != PL_uid || PL_egid != PL_gid));
 	break;
     case '(':
 	PL_gid = SvIV(sv);
@@ -2699,7 +2697,6 @@ Perl_magic_set(pTHX_ SV *sv, MAGIC *mg)
 #endif
 #endif
 	PL_gid = PerlProc_getgid();
-	PL_tainting |= (PL_uid && (PL_euid != PL_uid || PL_egid != PL_gid));
 	break;
     case ')':
 #ifdef HAS_SETGROUPS
@@ -2761,7 +2758,6 @@ Perl_magic_set(pTHX_ SV *sv, MAGIC *mg)
 #endif
 #endif
 	PL_egid = PerlProc_getegid();
-	PL_tainting |= (PL_uid && (PL_euid != PL_uid || PL_egid != PL_gid));
 	break;
     case ':':
 	PL_chopset = SvPV_force(sv,len);
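Review bot: with this last removal, in the case ending in `PL_egid = PerlProc_getegid();`, none of the four id assignments shown here sets PL_tainting any more, so a script that changes its ids at runtime and counted on perl switching taint checks on will now run without them unless it was started with -T. That is a behaviour change for privilege-changing code and should be listed in the perldelta entry as an incompatible change, with the advice to pass -T explicitly. Any existing documentation that describes the old runtime enabling should be updated in the same series.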


-- 
Overhead, without any fuss, the stars were going out.
    -- Arthur C Clarke