=item *
-If you pass more than one argument to either C<system> or C<exec>,
-the arguments are checked for taintedness B<but> the operation will still
-be attempted, emitting an optional warning. This will be fatal in a
-future version of perl so do not rely on it to bypass the tainting
-mechanism.
-
-=item *
-
Arguments to C<print> and C<syswrite> are B<not> checked for taintedness.
=item *
$data = 'abc'; # Not tainted
system "echo $arg"; # Insecure
- system "/bin/echo", $arg; # Allowed but considered insecure
+ system "/bin/echo", $arg; # Considered insecure
# (Perl doesn't know about /bin/echo)
system "echo $hid"; # Insecure
system "echo $data"; # Insecure until PATH set
open(FOO,"echo $arg|"); # Not OK
open(FOO,"-|")
- or exec 'echo', $arg; # Allowed but not really OK
+ or exec 'echo', $arg; # Also not OK
$shout = `echo $arg`; # Insecure, $shout now tainted
umask $arg; # Insecure
exec "echo $arg"; # Insecure
- exec "echo", $arg; # Allowed but considered insecure
- exec "sh", '-c', $arg; # Considered secure, alas!
+ exec "echo", $arg; # Insecure
+ exec "sh", '-c', $arg; # Very insecure!
@files = <*.c>; # insecure (uses readdir() or similar)
@files = glob('*.c'); # insecure (uses readdir() or similar)
$arg, `true`; # Insecure (although it isn't really)
If you try to do something insecure, you will get a fatal error saying
-something like "Insecure dependency" or "Insecure $ENV{PATH}". Note that you
-can still write an insecure B<system> or B<exec>, but only by explicitly
-doing something like the "considered secure" example above. This will not
-be possible in a future version of Perl.
+something like "Insecure dependency" or "Insecure $ENV{PATH}".
=head2 Laundering and Detecting Tainted Data
projects / p5sagit/p5-mst-13.2.git / commitdiff