author | Rick Delaney <rick@consumercontact.com> | 2002-02-24 06:35:00 -0500 |
---|---|---|
committer | Jarkko Hietaniemi <jhi@iki.fi> | 2002-02-24 18:28:31 +0000 |
commit | 5254cc4ebfe680eb20fcae83e14a5000a644624d (patch) | |
tree | 43027f0ab7e5888e61f0d32226f7a07e9c21fcc4 /pod | |
parent | e86ffc7b11901184bd07debf598e04f57093a202 (diff) | |
download | perl-5254cc4ebfe680eb20fcae83e14a5000a644624d.tar.gz |
Re: taint news
Message-ID: <m3d6yuvnwr.fsf@cs839290-a.mtth.phub.net.cable.rogers.com>
p4raw-id: //depot/perl@14853
Diffstat (limited to 'pod')
-rw-r--r-- | pod/perldiag.pod | 7 |
-rw-r--r-- | pod/perlsec.pod | 19 |
2 files changed, 19 insertions, 7 deletions
diff --git a/pod/perldiag.pod b/pod/perldiag.pod index 6d8e9407f7..acd5fc2d4a 100644 --- a/pod/perldiag.pod +++ b/pod/perldiag.pod @@ -4029,6 +4029,13 @@ use, or using a different name altogether. The warning can be suppressed for subroutine names by either adding a C<&> prefix, or using a package qualifier, e.g. C<&our()>, or C<Foo::our()>. +=item Use of tainted arguments in %s is deprecated + +(W taint) You have supplied C<system()> or C<exec()> with multiple +arguments and at least one of them is tainted. This used to be allowed +but will become a fatal error in a future version of perl. Untaint your +arguments. See L<perlsec>. + =item Use of uninitialized value%s (W uninitialized) An undefined value was used as if it were already diff --git a/pod/perlsec.pod b/pod/perlsec.pod index e8d44c3556..c86ac7c828 100644 --- a/pod/perlsec.pod +++ b/pod/perlsec.pod @@ -45,7 +45,10 @@ directories, or processes, B<with the following exceptions>: =item * If you pass more than one argument to either C<system> or C<exec>, -the arguments are B<not> checked for taintedness. +the arguments are checked for taintedness B<but> the operation will still +be attempted, emitting an optional warning. This will be fatal in a +future version of perl so do not rely on it to bypass the tainting +mechanism. =item * @@ -72,7 +75,8 @@ For example: $data = 'abc'; # Not tainted system "echo $arg"; # Insecure - system "/bin/echo", $arg; # Secure (doesn't use sh) + system "/bin/echo", $arg; # Allowed but considered insecure + # (Perl doesn't know about /bin/echo) system "echo $hid"; # Insecure system "echo $data"; # Insecure until PATH set 
@@ -87,17 +91,17 @@ For example: open(FOO, "< $arg"); # OK - read-only file open(FOO, "> $arg"); # Not OK - trying to write - open(FOO,"echo $arg|"); # Not OK, but... + open(FOO,"echo $arg|"); # Not OK open(FOO,"-|") - or exec 'echo', $arg; # OK + or exec 'echo', $arg; # Allowed but not really OK $shout = `echo $arg`; # Insecure, $shout now tainted unlink $data, $arg; # Insecure umask $arg; # Insecure - exec "echo $arg"; # Insecure (uses the shell) - exec "echo", $arg; # Secure (doesn't use the shell) + exec "echo $arg"; # Insecure + exec "echo", $arg; # Allowed but considered insecure exec "sh", '-c', $arg; # Considered secure, alas! @files = <*.c>; # insecure (uses readdir() or similar) @@ -114,7 +118,8 @@ For example: If you try to do something insecure, you will get a fatal error saying something like "Insecure dependency" or "Insecure $ENV{PATH}". Note that you can still write an insecure B<system> or B<exec>, but only by explicitly -doing something like the "considered secure" example above. +doing something like the "considered secure" example above. This will not +be possible in a future version of Perl. =head2 Laundering and Detecting Tainted Data |
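Review bot: The new perldiag entry (pod/perldiag.pod, @@ -4029) does not say that the call is still carried out when this warning fires, which is the one thing a reader who sees the message needs to know. The perlsec change in this same patch states it ("the operation will still be attempted"); add the same sentence here. "Untaint your arguments" would also be more useful with a pointer to the laundering section of perlsec rather than to perlsec as a whole.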
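Review bot: In pod/perlsec.pod @@ -45, "emitting an optional warning" does not name the warning or what makes it optional. The perldiag hunk classifies it as "(W taint)" with the text "Use of tainted arguments in %s is deprecated"; cite that here so readers know which category to enable and which message to look for in their logs.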
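Review bot: In pod/perlsec.pod @@ -72, the new comment "(Perl doesn't know about /bin/echo)" is ambiguous, and the reason the old comment gave, "(doesn't use sh)", is dropped without a replacement. State directly what Perl cannot know (for instance, what the called program does with the argument) and keep the note that no shell is involved, so the difference from the `system "echo $arg"` line above it remains clear.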
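Review bot: In pod/perlsec.pod @@ -87, the unchanged context line `exec "sh", '-c', $arg; # Considered secure, alas!` now contradicts the line above it, where `exec "echo", $arg;` becomes "Allowed but considered insecure". Both are multi-argument exec calls, which the @@ -45 hunk says are now checked for taintedness, so the sh -c comment should be updated in the same way. The removed "(uses the shell)" and "(doesn't use the shell)" remarks also carried the explanation of why the two exec forms differ; consider keeping them alongside the new wording.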
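Review bot: In pod/perlsec.pod @@ -114, the paragraph still refers to "the "considered secure" example above", a label that only the unchanged `exec "sh", '-c', $arg` line carries after this patch; if that comment is reworded, this reference needs to follow. The added sentence also writes "Perl" where the other two additions in this patch write "future version of perl"; pick one spelling. It would help to mention here as well that such a call now draws the taint warning.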