| field | value | date |
|---|---|---|
| author | Jarkko Hietaniemi <jhi@iki.fi> | 2000-03-19 01:48:47 +0000 |
| committer | Jarkko Hietaniemi <jhi@iki.fi> | 2000-03-19 01:48:47 +0000 |
| commit | d929ce6fe8f415355968ae904607a49f36ad5c70 | |
| tree | 55c5af0a110b532106f3395cc36541ef70d8358f /pod | |
| parent | 2959b6e3384ea619841b1f9556846dd2755caf04 | |
| download | perl-d929ce6fe8f415355968ae904607a49f36ad5c70.tar.gz | |
Taint shmread().
p4raw-id: //depot/cfgperl@5811
Diffstat (limited to 'pod')

| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | pod/perldelta.pod | 6 |
| -rw-r--r-- | pod/perlfunc.pod | 4 |
| -rw-r--r-- | pod/perlsec.pod | 24 |

3 files changed, 20 insertions, 14 deletions
diff --git a/pod/perldelta.pod b/pod/perldelta.pod index 88655bed8f..52a6fba599 100644 --- a/pod/perldelta.pod +++ b/pod/perldelta.pod @@ -212,6 +212,12 @@ Because the user can affect her own encrypted password and login shell the password and shell returned by the getpwent(), getpwnam(), and getpwuid() functions are tainted. +=head2 The shmread() now taints its variable + +Because other (untrusted) processes can modify shared memory segments +for their own nefarious purposes, the variable modified by shmread() +becomes tainted. + =back =head2 C Source Incompatibilities diff --git a/pod/perlfunc.pod b/pod/perlfunc.pod index c4c7e3f554..cc84d737ce 100644 --- a/pod/perlfunc.pod +++ b/pod/perlfunc.pod @@ -4022,8 +4022,8 @@ detaching from it. When reading, VAR must be a variable that will hold the data read. When writing, if STRING is too long, only SIZE bytes are used; if STRING is too short, nulls are written to fill out SIZE bytes. Return true if successful, or false if there is an error. -See also C<IPC::SysV> documentation and the C<IPC::Shareable> module -from CPAN. +shmread() taints the variable. See also C<IPC::SysV> documentation and +the C<IPC::Shareable> module from CPAN. =item shutdown SOCKET,HOW diff --git a/pod/perlsec.pod b/pod/perlsec.pod index 713a89c02c..b271f7016c 100644 --- a/pod/perlsec.pod +++ b/pod/perlsec.pod 
@@ -32,18 +32,18 @@ program more secure than the corresponding C program. You may not use data derived from outside your program to affect something else outside your program--at least, not by accident. All command line arguments, environment variables, locale information (see -L<perllocale>), results of certain system calls (readdir, readlink, -the password, gcos and shell fields of the getpw* calls), and all file -input are marked as "tainted". Tainted data may not be used directly -or indirectly in any command that invokes a sub-shell, nor in any -command that modifies files, directories, or processes. (B<Important -exception>: If you pass a list of arguments to either C<system> or -C<exec>, the elements of that list are B<NOT> checked for -taintedness.) Any variable set to a value derived from tainted data -will itself be tainted, even if it is logically impossible for the -tainted data to alter the variable. Because taintedness is associated -with each scalar value, some elements of an array can be tainted and -others not. +L<perllocale>), results of certain system calls (readdir(), +readlink(), the variable of() shmread, the password, gcos and shell +fields of the getpwxxx() calls), and all file input are marked as +"tainted". Tainted data may not be used directly or indirectly in any +command that invokes a sub-shell, nor in any command that modifies +files, directories, or processes. (B<Important exception>: If you pass +a list of arguments to either C<system> or C<exec>, the elements of +that list are B<NOT> checked for taintedness.) Any variable set to a +value derived from tainted data will itself be tainted, even if it is +logically impossible for the tainted data to alter the variable. +Because taintedness is associated with each scalar value, some +elements of an array can be tainted and others not. For example: |
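Review bot: the new `=head2` heading in the perldelta hunk, "The shmread() now taints its variable", carries a stray leading "The"; the neighbouring entries name the function directly, so "=head2 shmread() now taints its variable" reads better. The body is sound as far as the visible lines go: it names the threat (other, untrusted processes writing the shared memory segment) and the consequence (the variable filled by shmread() is tainted), which is what the perlfunc and perlsec hunks in this patch document.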
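Review bot: in the perlfunc hunk, "shmread() taints the variable." is ambiguous in a paragraph that discusses both VAR and STRING; since the surrounding text refers to the read target as VAR, write "shmread() taints VAR." so the reader knows which argument comes back tainted. The rest of the hunk is only a reflow of the existing "See also" sentence.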
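Review bot: "the variable of() shmread" in the perlsec hunk has the parentheses on the wrong word; it should read "the variable of shmread()" to match the readdir() and readlink() forms in the same list. The same hunk also changes "getpw*" to "getpwxxx()", while the perldelta hunk in this patch spells out getpwent(), getpwnam(), and getpwuid(); pick one form so the two documents agree. The taint rules described (no use in sub-shell commands or in commands that modify files, directories, or processes; the system/exec list exception; per-scalar taintedness) are unchanged by the hunk, which only adds shmread() to the list of tainted sources.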