X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=pod%2Fperlsec.pod;h=4185e848036fd0c86813d79320c49b4a3ad04ead;hb=49b8b560b023159cf65bbcf3068dc24e8091bc05;hp=e61316511c1a3b157af55c01df6e51bf59e3c01a;hpb=4602f195a9a943db1cd284ff4af1bcdb58f98ead;p=p5sagit%2Fp5-mst-13.2.git diff --git a/pod/perlsec.pod b/pod/perlsec.pod index e613165..4185e84 100644 --- a/pod/perlsec.pod +++ b/pod/perlsec.pod 
@@ -32,18 +32,19 @@ program more secure than the corresponding C program. You may not use data derived from outside your program to affect something else outside your program--at least, not by accident. All command line arguments, environment variables, locale information (see -L), results of certain system calls (readdir, readlink, -the gecos and shell fields of getpw* calls), and all file input are -marked as "tainted". Tainted data may not be used directly or -indirectly in any command that invokes a sub-shell, nor in any command -that modifies files, directories, or processes. (B: If you pass a list of arguments to either C or -C, the elements of that list are B checked for -taintedness.) Any variable set to a value derived from tainted data -will itself be tainted, even if it is logically impossible for the -tainted data to alter the variable. Because taintedness is associated -with each scalar value, some elements of an array can be tainted and -others not. +L), results of certain system calls (readdir(), +readlink(), the variable of shmread(), the messages returned by +msgrcv(), the password, gcos and shell fields returned by the +getpwxxx() calls), and all file input are marked as "tainted". +Tainted data may not be used directly or indirectly in any command +that invokes a sub-shell, nor in any command that modifies files, +directories, or processes. (B: If you pass a list +of arguments to either C or C, the elements of that list +are B checked for taintedness.) Any variable set to a value +derived from tainted data will itself be tainted, even if it is +logically impossible for the tainted data to alter the variable. +Because taintedness is associated with each scalar value, some +elements of an array can be tainted and others not. For example:
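Review bot: the added line "the variable of shmread()" is ambiguous about what is tainted; shmread() fills the scalar passed as its first argument, so "the variable filled by shmread()" (or "the buffer shmread() writes into") states it precisely and parallels "the messages returned by msgrcv()" in the same sentence. Two further points in this hunk: the field list grows from "the gecos and shell fields of getpw* calls" to "the password, gcos and shell fields returned by the getpwxxx() calls", so both a new field (password) and a respelling (gecos to gcos) land silently; the password addition documents interpreter behaviour and should be paired with the change or test (t/op/taint.t) that establishes it, and the spelling should be whichever one the getpw* documentation in perlfunc uses so the two pages agree.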