
Re: [perl #76872] perl debugger not working in taint mode

From: Dave Mitchell
Date: August 25, 2010 04:28
Subject: Re: [perl #76872] perl debugger not working in taint mode
Message ID: 20100825112846.GF20209@iabyn.com

On Sat, Jul 31, 2010 at 05:56:17AM -0700, sangamesh M wrote:
> Getting an "Insecure dependency" error when using the perl debugger with
> taint mode (/usr/bin/perl -wT). This issue seems to be common to all
> platforms, as I tested it on AIX and Linux. It appears in the latest perl
> also, in perl-5.12.1 and 5.10.0, 5.10.1.
> Not facing any issue in perl-5.8.8.

This is now fixed in bleadperl with the commit below:

commit 07004ebbe530fe5ce1c67e63c0b8e1c0aa77b3b9
Author:     David Mitchell <davem@iabyn.com>
AuthorDate: Wed Aug 25 12:15:41 2010 +0100
Commit:     David Mitchell <davem@iabyn.com>
CommitDate: Wed Aug 25 12:15:41 2010 +0100

    don't taint $DB::sub
    
    [perl #76872] showed a case where code like the following, run under -d,
    would cause $DB::sub to get set:
    
        $tainted_expression && func()
    
    The tainted expression sets PL_tainted, so calling func() under -d, which
    sets $DB::sub, causes it to get tainted.
    
    Consequently any further sub calls would set PL_tainted while getting the
    old value of $DB::sub (and cause the new value to be tainted too), and if
    the sub was XS, then its code would be executed with PL_tainted set.
    It isn't an issue with perl subs as the first nextstate op resets
    PL_tainted.

M       MANIFEST
M       lib/perl5db.t
A       lib/perl5db/t/taint
M       util.c


-- 
The optimist believes that he lives in the best of all possible worlds.
As does the pessimist.
