On Wed, Mar 24, 2004 at 12:20:58PM -0800, Stas Bekman wrote: > I completely agree with you, Hugo. But I'm also sure that you know that > when something doesn't work under -T a frustrated user simply turns it off. > So: > > "Well yes it does, in an untainted environment" > > is really, not it doesn't work. I'd rather relax taint checking in certain > places, rather than have the user turn it off completely. Certainly > documenting the issue should be helpful.
Whether relxed tainting is superior to no tainting is surely dependent on your view of tainting, to whit: 1) If tainting is a security measure to prevent malicious attackers (e.g., as used in suid scripts), then a relaxed tainting provides a false sense of security, and at least no tainting lets you know that the script is not to be trusted. 2) If tainting is a bit like warnings, in that it's a helpful warning measure to assist in catching a number of common issues but not a guarantee of anything, then as you say, a relaxed taint that's used is better than none at all. Mx.
