On 2001.12.29 22:43 Michael G Schwern wrote:
> So would it be a good idea to make $obj->$tainted(@args) a taint
> violation along with $tainted->(@args) and basically any other use of
> a tainted variable as a symbolic reference?  Seems Ripe For Evil.

From perlsec, the point of tainting is:
       You may not use data derived from outside your program to
       affect something else outside your program.
And:
       Tainted data may not be used
       directly or indirectly in any command that invokes a
       sub-shell, nor in any command that modifies files,
       directories, or processes.
Your suggestion would be the first introduction of taint checking
in some area that doesn't involve the outside environment of the
program. (Note that I'm not voting against your proposal: this is
only a comment.)
