On Mon, 20 Oct 2003, Michael G Schwern wrote:
> On Tue, Oct 21, 2003 at 12:24:03AM -0500, Dave Rolsky wrote:
> > On Mon, 20 Oct 2003, Andrew Savige wrote:
> > > I noticed in Test::Tutorial:
> > > "Taint mode is a funny thing. It's the globalest of all global features.
> > > Once you turn it on it affects all code in your program and all modules
> > > used (and all the modules they use). If a single piece of code isn't
> > > taint clean, the whole thing explodes. With that in mind, it's very
> > > important to ensure your module works under taint mode."
> >
> > Not to mention that it's buggy as hell. For example, in various versions
> > of Perl I've used there have been rather serious bugs in the regex engine
> > when taint mode is on, even when dealing with untainted variables!
>
> I've never hit anything like this. Do you have examples?
Well, one example comes from my Params::Validate module, where I have this
little bit of XS:

    while (he = hv_iternext(p)) {
        /* This may be related to bug #7387 on bugs.perl.org */
#if (PERL_VERSION == 5)
        if (! PL_tainting)
#endif
            SvGETMAGIC(HeVAL(he));

Whee, a random taint related bug.

Then there was the time I found that pos() didn't get updated inside
s/\G...//gc matches when taint mode was on, for certain versions of
Perl working with some strings (but not others). I don't think this
bug exists in the current version any more.

I could never reproduce this in a concise example, unfortunately.

Anyway, my taint mode experience has been that random things break in very
weird ways when using it.

-dave
/*=======================
House Absolute Consulting
www.houseabsolute.com
=======================*/