diff options
| author | Mike Guy <mjtg@cam.ac.uk> | 2003-12-19 17:17:11 +0000 |
|---|---|---|
| committer | Rafael Garcia-Suarez <rgarciasuarez@gmail.com> | 2003-12-21 21:29:47 +0000 |
| commit | 595bde10f833ec6ce0053cdb47ce14644ea67e2d (patch) | |
| tree | 85d5935181316f0f028641b1e2089d986e85301f /pod/perlsec.pod | |
| parent | dbb46ceca0074efa8ff2e0c27b76d1ec7968da80 (diff) | |
| download | perl-595bde10f833ec6ce0053cdb47ce14644ea67e2d.tar.gz | |
[perl #24651] Taint bug with multiple backticks in ref consturctors
Message-Id: <E1AXOFT-0007DE-7q@draco.cus.cam.ac.uk>
p4raw-id: //depot/perl@21942
Diffstat (limited to 'pod/perlsec.pod')
| -rw-r--r-- | pod/perlsec.pod | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/pod/perlsec.pod b/pod/perlsec.pod index 89489027e1..5a09e32d8e 100644 --- a/pod/perlsec.pod +++ b/pod/perlsec.pod @@ -65,12 +65,14 @@ in which case they are able to run arbitrary external code. =back -The value of an expression containing tainted data will itself be -tainted, even if it is logically impossible for the tainted data to -affect the value. +For efficiency reasons, Perl takes a conservative view of +whether data is tainted. If an expression contains tainted data, +any subexpression may be considered tainted, even if the value +of the subexpression is not itself affected by the tainted data. Because taintedness is associated with each scalar value, some -elements of an array can be tainted and others not. +elements of an array or hash can be tainted and others not. +The keys of a hash are never tainted. For example: @@ -133,7 +135,7 @@ To test whether a variable contains tainted data, and whose use would thus trigger an "Insecure dependency" message, you can use the tainted() function of the Scalar::Util module, available in your nearby CPAN mirror, and included in Perl starting from the release 5.8.0. -Or you may be able to use the following I<is_tainted()> function. +Or you may be able to use the following C<is_tainted()> function. sub is_tainted { return ! eval { eval("#" . substr(join("", @_), 0, 0)); 1 }; @@ -147,7 +149,8 @@ approach is used that if any tainted value has been accessed within the same expression, the whole expression is considered tainted. But testing for taintedness gets you only so far. Sometimes you have just -to clear your data's taintedness. The only way to bypass the tainting +to clear your data's taintedness. Values may be untainted by using them +as keys in a hash; otherwise the only way to bypass the tainting mechanism is by referencing subpatterns from a regular expression match. Perl presumes that if you reference a substring using $1, $2, etc., that you knew what you were doing when you wrote the pattern. That means using |