From 41d6edb2c1acac32a0296d594f0943752d23f077 Mon Sep 17 00:00:00 2001 From: Jarkko Hietaniemi Date: Sun, 19 Mar 2000 03:15:58 +0000 Subject: Taint msgrcv() messages; general SysV IPC cleanup. p4raw-id: //depot/cfgperl@5812 --- pod/perlsec.pod | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) (limited to 'pod/perlsec.pod') diff --git a/pod/perlsec.pod b/pod/perlsec.pod index b271f7016c..4185e84803 100644 --- a/pod/perlsec.pod +++ b/pod/perlsec.pod @@ -33,14 +33,15 @@ You may not use data derived from outside your program to affect something else outside your program--at least, not by accident. All command line arguments, environment variables, locale information (see L), results of certain system calls (readdir(), -readlink(), the variable of() shmread, the password, gcos and shell -fields of the getpwxxx() calls), and all file input are marked as -"tainted". Tainted data may not be used directly or indirectly in any -command that invokes a sub-shell, nor in any command that modifies -files, directories, or processes. (B: If you pass -a list of arguments to either C or C, the elements of -that list are B checked for taintedness.) Any variable set to a -value derived from tainted data will itself be tainted, even if it is +readlink(), the variable of shmread(), the messages returned by +msgrcv(), the password, gcos and shell fields returned by the +getpwxxx() calls), and all file input are marked as "tainted". +Tainted data may not be used directly or indirectly in any command +that invokes a sub-shell, nor in any command that modifies files, +directories, or processes. (B: If you pass a list +of arguments to either C or C, the elements of that list +are B checked for taintedness.) Any variable set to a value +derived from tainted data will itself be tainted, even if it is logically impossible for the tainted data to alter the variable. Because taintedness is associated with each scalar value, some elements of an array can be tainted and others not. -- cgit v1.2.1