Front page | perl.perl5.porters |
Postings from August 2021
On Fri, Aug 13, 2021 at 12:27 AM Leon Timmermans <fawaka@gmail.com> wrote: > On Fri, Aug 13, 2021 at 12:19 AM Neil Bowers <neilb@neilb.org> wrote: > >> Back in 2012, Steffen Mueller did some experimenting and found that taint >> adds somewhere between 10% and 20% runtime overhead: >> https://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193822.html >> As you can see, there was some discussion at that time, but it didn’t >> seem to go anywhere. This has come up again as a result of the Quirks >> document, and we discussed it in last week’s PSC meeting. >> >> Anecdotally, very few people use taint (these days), yet we’re all paying >> the price. Furthermore, taint causes problems on Windows. For example, >> File::Spec is broken on Windows when used with Taint mode on, because Taint >> mode restricts use of environment variables (which doesn't protect >> anything). See also this reddit discussion[1], on the problems with taint. >> >> We’d like to consider adding a Configure option for disabling taint mode. >> We see this as a potential first step to having this disabled by default, >> and then possibly removing support for taint entirely. >> >> We’re interested in hearing thoughts on this. >> >> Neil >> >> [1] >> https://www.reddit.com/r/perl6/comments/718z4o/taint_mode_for_perl_6/dnmu83i/ >> > > Using -DNO_TAINT_SUPPORT as Steffen mentioned you can already build such a > perl. All we really need to do is add a Configure option so that it can > easily be disabled and so that code (especially tests) can keep it into > account. > > One open question is if SILENT_NO_TAINT_SUPPORT should be enabled along > with it. I would argue it should, without it many tests will refuse to even > start running. > Probably most of the work is making the test suite use that %Config option to skip any tests depending on it. LeonThread Previous | Thread Next