On Sat, Jul 31, 2010 at 05:56:17AM -0700, sangamesh M wrote:
> Getting Insecure dependency error when used perl debugger with taint mode
> /usr/bin/perl -wT . This issue seems to be common in all the platforms as I
> tested it in AIX and Linux. It appears in latest perl also, in perl-5.12.1
> and 5.10.0, 5.10.1.
> Not facing any issue in perl-5.8.8.

This is now fixed in bleadperl with the commit below:

commit 07004ebbe530fe5ce1c67e63c0b8e1c0aa77b3b9
Author:     David Mitchell <davem@iabyn.com>
AuthorDate: Wed Aug 25 12:15:41 2010 +0100
Commit:     David Mitchell <davem@iabyn.com>
CommitDate: Wed Aug 25 12:15:41 2010 +0100

    don't taint $DB::sub

    [perl #76872] showed a case where code like the following, run under -d,
    would cause $DB::sub to get set:

        $tainted_expression && func()

    The tainted expression sets PL_tainted, so calling func() under -d,
    which sets $DB::sub, causes it to get tainted. Consequently any further
    sub calls would set PL_tainted while getting the old value of $DB::sub
    (and cause the new value to be tainted too), and if the sub was XS,
    then its code would be executed with PL_tainted set.

    It isn't an issue with perl subs as the first nextstate op resets
    PL_tainted.

M	MANIFEST
M	lib/perl5db.t
A	lib/perl5db/t/taint
M	util.c

-- 
The optimist believes that he lives in the best of all possible worlds.
As does the pessimist.
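
An added regression check for the behaviour the commit message describes (not part of the original message, and not the test added by the commit): it records whether $DB::sub carries taint at each debugged sub call after a `$tainted_expression && func()` statement. Assumptions: a minimal DB::sub hook and sub-level debugging switched on through `$^P` in a BEGIN block stand in for running under -d with perl5db.pl; the names func, other and @observed are illustrative.

```perl
#!/usr/bin/perl -T
# Run with taint mode on the command line:  perl -T thisfile.pl
use strict;
use warnings;
use Scalar::Util ();

# One record per debugged sub call: [ sub name, 1 if $DB::sub was tainted ]
our @observed;

BEGIN {
    package DB;

    # Minimal stand-in for the debugger's DB::sub hook (assumption: this is
    # not perl5db.pl, only enough of a hook to observe $DB::sub).
    sub sub {
        no strict 'refs';
        push @main::observed,
            [ "$DB::sub", Scalar::Util::tainted($DB::sub) ? 1 : 0 ];
        &$DB::sub;    # dispatch to the real sub with the caller's @_
    }

    # Assumption: setting the sub-level debugging bit at compile time routes
    # the calls compiled below through DB::sub, as -d would.
    $^P |= 0x01;
}

sub func  { return 1 }
sub other { return 2 }

# A true value that carries taint: $^X is tainted under -T, and
# concatenating with a tainted (empty) substring taints the result.
my $tainted = "1" . substr($^X, 0, 0);

$tainted && func();    # the statement pattern from the commit message
other();               # a later, unrelated call

for my $rec (@observed) {
    printf "%-12s \$DB::sub tainted: %d\n", @$rec;
}

my $leaked = grep { $_->[1] } @observed;
print $leaked
    ? "FAIL: taint leaked into \$DB::sub\n"
    : "ok: \$DB::sub stayed untainted\n";
exit($leaked ? 1 : 0);
```

The exit status is non-zero when any call saw a tainted $DB::sub, so the script can be run against several perl builds to compare them.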