X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=pod%2Fperlsec.pod;h=87d1f7b3402ad15b99ccf135da4dbb6a00699fb9;hb=e5dd39fcc65538f6d292cb5228105f85fe9eff3e;hp=18c25eee44718af801ca9e0e5e1e06f69eff1e99;hpb=83df6a1d65c0fba9c27c7fb715fa674b03462cf0;p=p5sagit%2Fp5-mst-13.2.git diff --git a/pod/perlsec.pod b/pod/perlsec.pod index 18c25ee..87d1f7b 100644 --- a/pod/perlsec.pod +++ b/pod/perlsec.pod @@ -44,8 +44,8 @@ directories, or processes, B: =item * -If you pass a list of arguments to either C or C, -the elements of that list are B checked for taintedness. +If you pass more than one argument to either C or C, +the arguments are B checked for taintedness. =item * @@ -53,9 +53,10 @@ Arguments to C and C are B checked for taintedness. =back -Any variable set to a value -derived from tainted data will itself be tainted, even if it is -logically impossible for the tainted data to alter the variable. +The value of an expression containing tainted data will itself be +tainted, even if it is logically impossible for the tainted data to +affect the value. + Because taintedness is associated with each scalar value, some elements of an array can be tainted and others not. 
@@ -95,13 +96,21 @@ For example: unlink $data, $arg; # Insecure umask $arg; # Insecure - exec "echo $arg"; # Insecure + exec "echo $arg"; # Insecure (uses the shell) exec "echo", $arg; # Secure (doesn't use the shell) exec "sh", '-c', $arg; # Considered secure, alas! @files = <*.c>; # insecure (uses readdir() or similar) @files = glob('*.c'); # insecure (uses readdir() or similar) + # In Perl releases older than 5.6.0 the <*.c> and glob('*.c') would + # have used an external program to do the filename expansion; but in + # either case the result is tainted since the list of filenames comes + # from outside of the program. + + $bad = ($arg, 23); # $bad will be tainted + $arg, `true`; # Insecure (although it isn't really) + If you try to do something insecure, you will get a fatal error saying something like "Insecure dependency" or "Insecure $ENV{PATH}". Note that you can still write an insecure B or B, but only by explicitly @@ -109,10 +118,11 @@ doing something like the "considered secure" example above. =head2 Laundering and Detecting Tainted Data -To test whether a variable contains tainted data, and whose use would thus -trigger an "Insecure dependency" message, check your nearby CPAN mirror -for the F module, which should become available around November -1997. Or you may be able to use the following I function. +To test whether a variable contains tainted data, and whose use would +thus trigger an "Insecure dependency" message, you can use the +tainted() function of the Scalar::Util module, available in your +nearby CPAN mirror, and included in Perl starting from the release 5.8.0. +Or you may be able to use the following I function. sub is_tainted { return ! eval {
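Review bot: In the @@ -44,8 +44,8 @@ hunk, the reworded bullet about passing more than one argument says how those arguments are treated by the taint check but not why. The reason appears only later in the file, on the example line exec "echo", $arg; # Secure (doesn't use the shell), so consider adding a short clause to the bullet saying that no shell is involved, or a pointer to that example. The neighbouring example exec "sh", '-c', $arg; # Considered secure, alas! shows that the multi-argument form can still hand tainted data to a shell, which is worth one sentence next to this bullet so readers do not take it as a blanket guarantee.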
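Review bot: In the @@ -95,13 +96,21 @@ hunk, the two examples added at the end carry comments that do not say why the taint check fires. For $bad = ($arg, 23); a reader will expect $bad to hold 23 and be clean, and "Insecure (although it isn't really)" on the backtick line reads as a contradiction. Suggest tying both comments to the rule from the @@ -53,9 +53,10 @@ hunk, for example "# $bad is tainted: the expression contains $arg, even though its value is 23" and "# Insecure: the expression contains $arg, even though the command itself uses no tainted data". The new comment block about releases older than 5.6.0 explains the two glob lines above it, so it may read better with a blank comment line separating it from the $bad example that follows.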
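Review bot: In the @@ -109,10 +118,11 @@ hunk, the closing sentence still offers the hand-written is_tainted function as an equal alternative without saying when it is needed. Since the new text states that Scalar::Util is included in Perl starting from 5.8.0, suggest wording the last sentence so that is_tainted is presented as the fallback for older releases where the module is not installed. Minor wording: "starting from the release 5.8.0" reads better as "starting with release 5.8.0", "available in your nearby CPAN mirror" as "available from your nearby CPAN mirror", and the unchanged opening "and whose use would thus trigger" could be tidied while the paragraph is being touched.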