Re: [perl #76872] perl debugger not working in taint mode

Dave Mitchell
August 25, 2010 04:28
On Sat, Jul 31, 2010 at 05:56:17AM -0700, sangamesh M wrote:
> Getting an Insecure dependency error when using the perl debugger with taint mode
> /usr/bin/perl -wT. This issue seems to be common to all platforms, as I
> tested it on AIX and Linux. It appears in the latest perl also, in perl-5.12.1
> and 5.10.0, 5.10.1.
> Not facing any issue in perl-5.8.8.

This is now fixed in bleadperl with the commit below:

commit 07004ebbe530fe5ce1c67e63c0b8e1c0aa77b3b9
Author:     David Mitchell <>
AuthorDate: Wed Aug 25 12:15:41 2010 +0100
Commit:     David Mitchell <>
CommitDate: Wed Aug 25 12:15:41 2010 +0100

    don't taint $DB::sub

    [perl #76872] showed a case where code like the following, run under -d,
    would cause $DB::sub to get set:

        $tainted_expression && func()

    The tainted expression sets PL_tainted, so calling func() under -d, which
    sets $DB::sub, causes it to get tainted.
    Consequently any further sub calls would set PL_tainted while getting the
    old value of $DB::sub (and cause the new value to be tainted too), and if
    the sub was XS, then its code would be executed with PL_tainted set.
    It isn't an issue with perl subs as the first nextstate op resets

M       lib/perl5db.t
A       lib/perl5db/t/taint
M       util.c

The optimist believes that he lives in the best of all possible worlds.
As does the pessimist.
