Taint differences between 5.8.0 and 5.8.1?

Discussion in 'Perl Misc' started by Matthew Braid, Oct 22, 2003.

  1. Hi all,

    I was just trolling through my messages file recently and noticed that
    ever since I upgraded from 5.8.0 to 5.8.1 I've been getting a lot of
    'Insecure dependency' (i.e. taint) errors from one of my daemon scripts.

    On closer inspection I narrowed it down to an exec call in MIME::Lite.
    This chunk of code had not produced an error before while taint mode is
    on (and in fact the comments around that chunk of code basically said
    'Run sendmail in a taint-safe fashion').

    Has exec become more taint-aware between 5.8.0 and 5.8.1?

    I worked around it by untainting everything passed to exec, but it was a
    little surprising and I haven't seen anything mentioned about the change
    in documentation.

    Matthew Braid, Oct 22, 2003

  2. A few taint bugs have been corrected.
    Does deleting $ENV{TERM} help?
    You can also use the -t command-line switch in place of -T when
    debugging taint mode programs: it turns tainting fatal errors into
    warnings. (See perlrun.)
    Rafael Garcia-Suarez, Oct 22, 2003
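
The workaround and the suggestion discussed in this thread (untainting what is passed to exec, and removing $ENV{TERM}), as an added example that is not code from either poster or from MIME::Lite. The helper names `untaint_address` and `run_child`, the allow-list pattern, and the use of `/bin/echo` as a stand-in for the sendmail binary are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example (not MIME::Lite's code). Run as: perl -T untaint_exec.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);
$| = 1;    # flush before fork so buffered output is not repeated by the child

# exec/system taint checks also cover the environment the child inherits:
# pin PATH and drop the variables perlsec names, plus TERM as suggested above.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(TERM IFS CDPATH ENV BASH_ENV)};

# Untaint by capturing from an allow-list pattern; undef means "reject".
# Assumed policy: plain local@domain that cannot start with '-' (option-like).
sub untaint_address {
    my ($raw) = @_;
    return unless defined $raw;
    return $raw =~ /\A([A-Za-z0-9_][A-Za-z0-9._+-]*\@[A-Za-z0-9.-]+)\z/ ? $1 : undef;
}

# Fork, then exec in list form (no shell). Returns the child's exit status.
sub run_child {
    my @cmd = @_;
    my $pid = fork();
    die "fork failed: $!\n" unless defined $pid;
    if ($pid == 0) {
        # A tainted element makes exec die before anything is run.
        eval { exec { $cmd[0] } @cmd };
        print STDERR "child: ", ($@ || "exec failed: $!\n");
        exit 127;
    }
    waitpid($pid, 0);
    return $? >> 8;
}

# Constructed input: substr($^X, 0, 0) is an empty but tainted string, so
# concatenating it marks the literal as tainted, like data read from outside.
my $from = 'daemon@example.org' . substr($^X, 0, 0);
# /bin/echo stands in for the sendmail binary so this runs on any Unix host.
my @cmd = ('/bin/echo', 'envelope sender:');

printf "raw value tainted: %s\n", tainted($from) ? 'yes' : 'no';
printf "exec with raw value -> exit %d\n", run_child(@cmd, $from);

my $clean = untaint_address($from);
die "sender rejected by allow-list\n" unless defined $clean;
printf "clean value tainted: %s\n", tainted($clean) ? 'yes' : 'no';
printf "exec with clean value -> exit %d\n", run_child(@cmd, $clean);
```

On a current perl the first child reports an "Insecure dependency in exec" error and exits 127, while the second runs the command and exits 0.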
