Taint differences between 5.8.0 and 5.8.1?

Discussion in 'Perl Misc' started by Matthew Braid, Oct 22, 2003.

  1. Hi all,

    I was just trolling through my messages file recently and noticed that
    ever since I upgraded from 5.8.0 to 5.8.1 I've been getting a lot of
    'Insecure dependency' (ie taint) errors from one of my daemon scripts.

    On closer inspection I narrowed it down to an exec call in MIME::Lite.
    This chunk of code had not produced an error before while taint mode is
    on (and in fact the comments around that chunk of code basically said
    'Run sendmail in a taint-safe fashion').

    Has exec become more taint-aware between 5.8.0 and 5.8.1?

    I worked around it by untainting everything passed to exec, but it was a
    little surprising and I haven't seen anything mentioned about the change
    in documentation.

    MB
     
    Matthew Braid, Oct 22, 2003
    #1

  2. Matthew Braid wrote:
    >I was just trolling through my messages file recently and noticed that
    >ever since I upgraded from 5.8.0 to 5.8.1 I've been getting a lot of
    >'Insecure dependency' (ie taint) errors from one of my daemon scripts.
    >
    >On closer inspection I narrowed it down to an exec call in MIME::Lite.
    >This chunk of code had not produced an error before while taint mode is
    >on (and in fact the comments around that chunk of code basically said
    >'Run sendmail in a taint-safe fashion').
    >
    >Has exec become more taint-aware between 5.8.0 and 5.8.1?


    A few taint bugs have been corrected.
    Does deleting $ENV{TERM} help?

    >I worked around it by untainting everything passed to exec, but it was a
    >little surprising and I haven't seen anything mentioned about the change
    >in documentation.


    You can also use the -t command-line switch in place of -T when
    debugging taint mode programs: it turns tainting fatal errors into
    warnings. (See perlrun.)

    --
    Uniform is not *NIX
     
    Rafael Garcia-Suarez, Oct 22, 2003
    #2
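
What the two posts describe (untainting everything passed to exec, and clearing environment variables such as $ENV{TERM}), as an added example that is not part of the thread and is not MIME::Lite's code. The sample address, the allow-list pattern, the sendmail switches and the /bin/echo stand-in for the sendmail binary are assumptions.

```perl
#!/usr/bin/perl -T
# Added example, not MIME::Lite's code. Run as: perl -T taint_exec.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

$| = 1;    # flush our own output before exec replaces the process

# Clear the variables perlsec lists, plus TERM as suggested in the reply,
# and pin PATH to fixed directories so nothing inherited reaches the child.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV TERM)};
$ENV{PATH} = '/usr/sbin:/usr/bin:/bin';

# Untaint by capturing from an allow-list pattern; refuse anything else.
sub launder {
    my ($value, $pattern, $what) = @_;
    defined $value && $value =~ /\A($pattern)\z/
        or die "refusing $what\n";
    return $1;    # a capture from a successful match is not tainted
}

# Constructed sample input: appending a zero-length slice of $^X taints it,
# standing in for an address read from a socket, a file or @ARGV.
my $sender = 'daemon@example.org' . substr($^X, 0, 0);
print 'raw sender is ', (tainted($sender) ? 'tainted' : 'clean'), "\n";

# The leading \w keeps a value that begins with "-" from being read as a switch.
my $from = launder($sender, qr/\w[\w.+-]*\@\w[\w.-]*/, 'sender address');
print 'laundered sender is ', (tainted($from) ? 'tainted' : 'clean'), "\n";

# Assumption: /bin/echo stands in for the sendmail binary so the demo sends
# no mail; the switches shown are illustrative.
my @cmd = ('/bin/echo', 'sendmail', '-t', '-oi', "-f$from");

# List form with an absolute path: no shell is involved. Putting $sender
# here instead of $from dies with "Insecure dependency in exec".
exec { $cmd[0] } @cmd
    or die "exec failed: $!\n";
```

Running the same script with -t instead of -T, as the reply suggests, reports remaining taint problems as warnings while you track them down.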