PATCH: untaint method for IO::Handle, 5.003_06 version

This is a re-post of my patch to Graham's IO library to add a method in
IO::Handle called "untaint", that sets the IOf_UNTAINT flag on an object
that is of or inherits from IO::Handle. With this flag set, data read from
said handle is not tainted, whether running under -T, suid or sgid.

This patch adds the method to IO.xs, adds documentation and warning to the
pod of IO/Handle.pm, creates a new test in t/lib called io_taint.t, and
adds mention of the new file to MANIFEST.

Test suite for the untaint method of class IO::Handle.

1 files changed, 48 insertions, 0 deletions

diff --git a/t/lib/io_taint.t b/t/lib/io_taint.t
new file mode 100644
index 0000000000..698db45c72
--- /dev/null
+++ b/t/lib/io_taint.t
@@ -0,0 +1,48 @@
+#!./perl -T
+
+BEGIN {
+    unless(grep /blib/, @INC) {
+	chdir 't' if -d 't';
+	@INC = '../lib' if -d '../lib';
+    }
+}
+
+use Config;
+
+BEGIN {
+    if(-d "lib" && -f "TEST") {
+        if ($Config{'extensions'} !~ /\bIO\b/ && $^O ne 'VMS') {
+	    print "1..0\n";
+	    exit 0;
+        }
+    }
+}
+
+END { unlink "./__taint__$$" }
+
+print "1..3\n";
+use IO::File;
+$x = new IO::File "> ./__taint__$$" || die("Cannot open ./__taint__$$\n");
+print $x "$$\n";
+$x->close;
+
+$x = new IO::File "< ./__taint__$$" || die("Cannot open ./__taint__$$\n");
+chop($unsafe = <$x>);
+eval { kill 0 * $unsafe };
+print "not " if ($@ !~ /^Insecure/o);
+print "ok 1\n";
+$x->close;
+
+# We could have just done a seek on $x, but technically we haven't tested
+# seek yet...
+$x = new IO::File "< ./__taint__$$" || die("Cannot open ./__taint__$$\n");
+$x->untaint;
+print "not " if ($?);
+print "ok 2\n"; # Calling the method worked
+chop($unsafe = <$x>);
+eval { kill 0 * $unsafe };
+print "not " if ($@ =~ /^Insecure/o);
+print "ok 3\n"; # No Insecure message from using the data
+$x->close;
+
+exit 0;