Randy J. Ray [Wed, 9 Oct 1996 02:24:48 +0000 (22:24 -0400)]
This is a re-post of my patch to Graham's IO library to add a method in
IO::Handle called "untaint", that sets the IOf_UNTAINT flag on an object
that is of or inherits from IO::Handle. With this flag set, data read from
said handle is not tainted, whether running under -T, suid or sgid.
This patch adds the method to IO.xs, adds documentation and warning to the
pod of IO/Handle.pm, creates a new test in t/lib called io_taint.t, and
adds mention of the new file to MANIFEST.
Document IO::Handle::untaint and give warning about the bad
things it can do.
=back
+Lastly, a special method for working under B<-T> and setuid/gid scripts:
+
+=over
+
+=item $fh->untaint
+
+Marks the object as taint-clean, and as such data read from it will also
+be considered taint-clean. Note that this is a very trusting action to
+take, and appropriate consideration for the data source and potential
+vulnerability should be kept in mind.
+
+=back
+
=head1 NOTE
A C<IO::Handle> object is a GLOB reference. Some modules that
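Review bot: The warning under "=item $fh->untaint" is too vague for a method that switches off taint checking for a whole handle. "appropriate consideration for the data source and potential vulnerability should be kept in mind" does not tell the reader what actually changes. Suggest stating plainly that every later read from the handle is treated as clean under -T and in setuid/gid scripts, so the data can reach system, exec or a file open without having been validated, and that the caller is then responsible for validating it. The entry also does not say what the method returns or whether the mark can be cleared once it is set; a sentence on each would help.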