Martyn J. Pearce wrote:
On Wed, Mar 24, 2004 at 12:20:58PM -0800, Stas Bekman wrote:

I completely agree with you, Hugo. But I'm also sure that you know that when something doesn't work under -T a frustrated user simply turns it off. So:

"Well yes it does, in an untainted environment"

is really, not it doesn't work. I'd rather relax taint checking in certain places, rather than have the user turn it off completely. Certainly documenting the issue should be helpful.


Whether relaxed tainting is superior to no tainting is surely dependent on your
view of tainting, to wit:

1) If tainting is a security measure to prevent malicious attackers (e.g., as
used in suid scripts), then a relaxed tainting provides a false sense of
security, and at least no tainting lets you know that the script is not to be
trusted.

2) If tainting is a bit like warnings, in that it's a helpful warning measure
to assist in catching a number of common issues but not a guarantee of
anything, then as you say, a relaxed taint that's used is better than none at
all.

Agreed for the general case. But it doesn't apply to this case. Because:


#!/usr/bin/perl -T
require Foo;
print $Foo::Version;

and

#!/usr/bin/perl -T
my $version = parse_version_untaint_source('Foo');
print $version;

are *exactly* the same from the security point of view, because require() ignores the tainting flag.

So if you *do* trust require() of a random file to acquire its version, you ought to trust parse_version_untaint_source() just the same.

__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com
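
Added example, not part of the original message or of any project's code: one way to obtain a module's version under -T by reading its source and keeping only a version-shaped capture, without executing the file. The helper name version_from_source and the sample Foo source in the __DATA__ section are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example (not from the thread). Run as: perl -T this_file.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Hypothetical helper: return the first $VERSION value found in the given
# source lines, or undef. The source is only read, never eval'd or require'd.
sub version_from_source {
    for my $line (@_) {
        next if $line =~ /^\s*#/;    # ignore commented-out assignments
        # Accept only numeric or dotted forms: 1.23, 1.2.3, v1.2.3, 1.23_01
        if ($line =~ /\$(?:\w+::)*VERSION\s*=\s*['"]?(v?\d+(?:\.\d+)*(?:_\d+)?)['"]?\s*;/) {
            return $1;    # a regex capture is untainted and limited to the pattern
        }
    }
    return;
}

# Under -T, every line read from a filehandle is tainted.
my @source = <DATA>;
printf "source lines tainted: %s\n", tainted($source[0]) ? 'yes' : 'no';

my $version = version_from_source(@source);
if (defined $version) {
    printf "version: %s (tainted: %s)\n",
        $version, tainted($version) ? 'yes' : 'no';
}
else {
    print "no version-shaped assignment found\n";
}

__DATA__
package Foo;
# Constructed sample source for this example.
# $VERSION = '9.99';
our $VERSION = '1.23';
1;
```

Because the pattern admits only digits, dots, an optional leading v and an underscore suffix, the untainted value cannot carry anything other than a version string, which is the property a blanket untaint of the whole source does not give.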
