Pre-RFC: Configure option for whether to include taint support

From: Neil Bowers
Date: August 12, 2021 22:19
Subject: Pre-RFC: Configure option for whether to include taint support
Message ID: 957e19a5-434e-43ad-823a-6509ebecf118@Spark

Back in 2012, Steffen Mueller did some experimenting and found that taint adds somewhere between 10% and 20% runtime overhead:
	https://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193822.html
As you can see, there was some discussion at that time, but it didn’t seem to go anywhere. This has come up again as a result of the Quirks document, and we discussed it in last week’s PSC meeting.

Anecdotally, very few people use taint (these days), yet we’re all paying the price. Furthermore, taint causes problems on Windows. For example, File::Spec is broken on Windows when used with Taint mode on, because Taint mode restricts use of environment variables (which doesn't protect anything). See also this reddit discussion[1], on the problems with taint.

We’d like to consider adding a Configure option for disabling taint mode. We see this as a potential first step to having this disabled by default, and then possibly removing support for taint entirely.

We’re interested in hearing thoughts on this.

Neil

[1] https://www.reddit.com/r/perl6/comments/718z4o/taint_mode_for_perl_6/dnmu83i/
