| author | Perl 5 Porters <perl5-porters@africa.nicoh.com> | 1997-02-22 04:41:00 +1200 |
|---|---|---|
| committer | Chip Salzenberg <chip@atlantic.net> | 1997-02-22 04:41:00 +1200 |
| commit | aa6893958c2bfb6fa4ab923c8466c188c65748fd (patch) | |
| tree | 012b1f5dd2622b8c322606df0fa2de1a7ec582b1 /pod/perlsec.pod | |
| parent | d53f8f1cc3de155a009198bbc7c01e2741aa70ac (diff) | |
[inseparable changes from patch from perl5.003_27 to perl5.003_28]
CORE LANGUAGE CHANGES
Subject: Don't let C<sub foo;> undefine &foo
From: Chip Salzenberg <chip@perl.com>
Files: op.c
Subject: Make code, doc agree on $ENV{PATH} and `cmd`
From: Chip Salzenberg <chip@perl.com>
Files: pod/perlsec.pod pp_sys.c
Subject: Optimize keys() and values() in void context
From: Chip Salzenberg <chip@perl.com>
Files: doop.c op.c
CORE PORTABILITY
Subject: VMS patches post _27
Date: Thu, 20 Feb 1997 01:58:46 -0500 (EST)
From: Charles Bailey <bailey@HMIVAX.HUMGEN.UPENN.EDU>
Files: MANIFEST dosish.h hv.c lib/ExtUtils/MM_VMS.pm lib/ExtUtils/xsubpp perl.c perlsdio.h pod/perldelta.pod pod/perlvar.pod t/op/closure.t unixish.h vms/Makefile vms/descrip.mms vms/ext/filespec.t vms/genconfig.pl vms/vms.c vms/vmsish.h
private-msgid: <01IFMEMPN1IU0057E2@hmivax.humgen.upenn.edu>
Subject: Re: OS/2 patch for _27
Date: Thu, 20 Feb 1997 19:24:16 -0500 (EST)
From: Ilya Zakharevich <ilya@math.ohio-state.edu>
Files: INSTALL README.os2 lib/Test/Harness.pm os2/Changes os2/OS2/PrfDB/t/os2_prfdb.t os2/os2.c os2/os2ish.h os2/perl2cmd.pl perl.c pod/perldelta.pod t/TEST t/harness t/op/magic.t
Msg-ID: <199702210024.TAA03174@monk.mps.ohio-state.edu>
(applied based on p5p patch as commit 833d3f255ed68b969f062cec63d33f853ed9237c)
DOCUMENTATION
Subject: INSTALL updates since _26
Date: Tue, 18 Feb 1997 16:00:08 -0500 (EST)
From: Andy Dougherty <doughera@fractal.phys.lafayette.edu>
Files: INSTALL
Msg-ID: <Pine.SOL.3.95q.970218155815.2014F-100000@fractal.lafayette.e
(applied based on p5p patch as commit a8247d96fd6167a3b920e63aedee5592cd6e29a7)
Subject: Document "$$0" change
From: Chip Salzenberg <chip@perl.com>
Files: pod/perldelta.pod
Subject: Don't recommend impossible //o for C<$x =~ $y>
From: Chip Salzenberg <chip@perl.com>
Files: pod/perlop.pod
Subject: Correct doc that claimed that <FH> was never false
From: Chip Salzenberg <chip@perl.com>
Files: pod/perldelta.pod pod/perlop.pod
Subject: Document C<$?> vs. $SIG{CHLD}
From: Ulrich Pfeifer <pfeifer@charly.informatik.uni-dortmund.de>
Files: pod/perlvar.pod
Subject: Add pumpkin.pod
From: Chip Salzenberg <chip@perl.com>
Files: MANIFEST Porting/pumpkin.pod
Subject: Don't say "associat*ve arr*y"
From: Chip Salzenberg <chip@perl.com>
Files: MANIFEST gv.h hv.c lib/Env.pm lib/overload.pm opcode.pl pod/perl.pod pod/perldelta.pod pod/perldiag.pod pod/perlfunc.pod pod/perlguts.pod pod/perlmod.pod pod/perltie.pod pod/perltoc.pod pod/perltrap.pod x2p/a2p.pod
OTHER CORE CHANGES
Subject: Fix a typo
From: Chip Salzenberg <chip@perl.com>
Files: pp_sys.c
Subject: Fix perl_call_sv(..., G_NOARGS)
From: Chip Salzenberg <chip@perl.com>
Files: perl.c
Subject: Fix SIGSEGV when cloning sub with complex expression
From: Chip Salzenberg <chip@perl.com>
Files: op.c
Diffstat (limited to 'pod/perlsec.pod')
-rw-r--r-- | pod/perlsec.pod | 25 |
1 files changed, 11 insertions, 14 deletions
diff --git a/pod/perlsec.pod b/pod/perlsec.pod index 2324b8a373..5961200f4d 100644 --- a/pod/perlsec.pod +++ b/pod/perlsec.pod @@ -20,11 +20,10 @@ mode explicitly by using the B<-T> command line flag. This flag is I<strongly> suggested for server programs and any program run on behalf of someone else, such as a CGI script. -While in this mode, Perl takes special precautions called I<taint -checks> to prevent both obvious and subtle traps. Some of these checks -are reasonably simple, such as verifying that path directories aren't -writable by others; careful programmers have always used checks like -these. Other checks, however, are best supported by the language itself, +While in this mode, Perl takes special precautions called I<taint checks> to +prevent both obvious and subtle traps. Some of these checks are reasonably +simple, such as not blindly using the PATH inherited from one's parent +process. Other checks, however, are best supported by the language itself, and it is these checks especially that contribute to making a setuid Perl program more secure than the corresponding C program. 
@@ -145,15 +144,13 @@ block. See L<perllocale/SECURITY> for further discussion and examples. =head2 Cleaning Up Your Path For "Insecure C<$ENV{PATH}>" messages, you need to set C<$ENV{'PATH'}> to a -known value, and each directory in the path must be non-writable by others -than its owner and group. You may be surprised to get this message even -if the pathname to your executable is fully qualified. This is I<not> -generated because you didn't supply a full path to the program; instead, -it's generated because you never set your PATH environment variable, or -you didn't set it to something that was safe. Because Perl can't -guarantee that the executable in question isn't itself going to turn -around and execute some other program that is dependent on your PATH, it -makes sure you set the PATH. +known value. You may be surprised to get this message even if the pathname +to your executable is fully qualified. This is I<not> generated because you +didn't supply a full path to the program; instead, it's generated because +you never set your PATH environment variable. Because Perl can't guarantee +that the executable in question isn't itself going to turn around and +execute some other program that is dependent on your PATH, it makes sure you +set the PATH. It's also possible to get into trouble with other operations that don't care whether they use tainted values. Make judicious use of the file |
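Review bot: in the first hunk (@@ -20,11 +20,10 @@), the replacement sentence "such as not blindly using the PATH inherited from one's parent process" names the check only indirectly; since the point of this commit is to make code and doc agree on $ENV{PATH}, state concretely what taint mode does here, namely that the inherited PATH is treated as tainted and must be set to a known value before any external command is run, which is how the "Cleaning Up Your Path" section further down already puts it. As a style point, the rewrapped lines run to about 78 columns, wider than the roughly 70-column wrap of the untouched context lines around them; rewrap to match the rest of the file.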
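Review bot: in the second hunk (@@ -145,15 +144,13 @@), dropping "or you didn't set it to something that was safe" leaves the remaining explanation ("it's generated because you never set your PATH environment variable") implying that any assignment to $ENV{PATH} silences the message, while the opening sentence of the section still requires "a known value". Keep a short clause saying that the assigned value must itself be untainted, for example a literal list of directories written into the program rather than a value copied from the inherited environment, so the two sentences agree. Removing the requirement that each path directory be non-writable by others is consistent with the subject line (the code no longer makes that check), but that behaviour change should be recorded in perldelta, since readers of older perlsec will still expect it.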