On Tue, Jun 24, 2008 at 8:05 AM, Paul Fenwick <[EMAIL PROTECTED]> wrote:
>> I don't see why some subroutine N levels down the call stack in some
>> utility module should be expected to preserve taint on data you didn't
>> check when you received it.

I think this is the crux of our disagreement and for me it's a
practical issue, not a principles issue.  I think that since Perl
doesn't allow one to turn off regex untainting globally, that it's
unreasonable (unrealistic?) to expect every module in your
prerequisite tree to do it for you.  Therefore, practically speaking,
you can't make any assumptions about taint status so you should manage
it locally where you have control.

> For the same reasons I don't want some subroutine N levels down to overwrite
> $_, screw around with my $/, or make $@ mysteriously disappear or change.

Those are globals (which is a whole separate issue).  An argument to a
function and the return values aren't.

>        * One of Perl's most commonly used language features (regexps)
>          marks data as trusted by default.
>
>        * Therefore, most code that uses regexps will untaint by accident.
>
>
> Unfortunately, adding a metric to CPANTS is going to solve it, although it
> would certainly increase awareness of the issue.  Changing how Perl untaints
> data isn't possible, since we'll break old code, and it won't help older
> Perls anyway.

I'm not sure it's not worth putting to p5p anyway.  Maybe there should
be a global "don't untaint via regex" option not unlike the "-w" and
"-W" command line switches.

> Having a module that changes the default behaviour and can be loaded into an
> application that cares probably will work[2], and is much more dependable
> than relying upon every CPAN author to have been doing the right thing for
> something they may never use.

I've thought about several approaches.  Wrapping the subroutines to
taint results might work, but no guarantee everything that needs to be
wrapped gets wrapped.  My best idea so far is overriding
CORE::GLOBAL::require to "source filter" each module on load and add
"use re 'taint'" at the top:

If you load the module first on the command line with
"-MRequire::re::taint" or whatever, that might be enough for what you
need.

> David, chromatic, thank-you both for letting me bounce ideas off you, I
> really do appreciate it a great deal.

My pleasure.  Always fun to think about the hard problems.  ;-)

David
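
The regex untainting and the lexical "use re 'taint'" pragma discussed in this message, as an added example that is not part of the original email. The sub names and the sample string are constructed for illustration; run it as "perl -T" followed by the script name.

```perl
#!/usr/bin/perl -T
# Added illustration; sub names and sample input are constructed.
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "Run under taint mode: perl -T $0\n" unless ${^TAINT};

# A zero-length slice of $^X (tainted under -T) taints whatever it is joined to.
my $taint = substr($^X, 0, 0);
my $input = "user=alice id=42" . $taint;    # constructed sample input

# A utility routine written without taint in mind: the capture is untainted.
sub parse_default {
    my ($s) = @_;
    my ($id) = $s =~ /id=(\d+)/;
    return $id;
}

# Same routine with the lexical pragma: captures inherit the target's taint.
sub parse_preserving {
    use re 'taint';
    my ($s) = @_;
    my ($id) = $s =~ /id=(\d+)/;
    return $id;
}

# Deliberate untainting, done locally by the code that owns the check.
sub validated_id {
    my ($s) = @_;
    no re 'taint';
    my ($id) = $s =~ /\A(\d{1,9})\z/ or die "not a numeric id\n";
    return $id;
}

# Report the taint status of each value as it moves through the routines.
for my $case (
    [ 'input',            $input ],
    [ 'parse_default',    parse_default($input) ],
    [ 'parse_preserving', parse_preserving($input) ],
    [ 'validated_id',     validated_id(parse_preserving($input)) ],
) {
    printf "%-18s tainted=%s\n", $case->[0], tainted($case->[1]) ? 'yes' : 'no';
}
```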
