
Changes to tainting checks


A bug in previous versions may have failed to detect some insecure conditions when taint checks are turned on. (Taint checks are used in setuid or setgid scripts, or when explicitly turned on with the -T invocation option.) Although it's unlikely, this may cause a previously-working script to now fail -- which should be construed as a blessing, since that indicates a potentially-serious security hole was just plugged.

The new restrictions when tainting include:

Source: what's new for perl5.004
Copyright: Larry Wall, et al.



(Corrections, notes, and links courtesy of RocketAware.com)


RocketAware.com is a service of Mib Software
Copyright 2000, Forrest J. Cavalier III. All Rights Reserved.