> What about something like this: > > chomp(my ($class, $meth, @args) = <>); > $class->$meth($args); > > And the user types in: > rm > POSIX::system > -rf > / > ^D > > Is this still merely flow control?
Yes. Look it up. Do not think that I'm saying this is an innocent or insignificant problem. I just do not see any simple ways to fix it, especially given the time frame. While it's a definite hole in the taint system, but all the fuss seems to be a bit blown out of proportion, maybe because the problem has been witnessed in a currently fashionable and buzzword-compliant piece of software. Taint is not a silver bullet that completely and instantly and permanently secures your code: it's tool that can help in doing that, and now a corner of that tool seemingly needs some sharpening. > Changing perl to prevent use of tainted method names or symbolic > reference sub calls might not be doable in the given time frame, but Don't fool yourself by stopping at that. It must be all of control flow. > perhaps there's time to add a warning to the documentation? > > Hmm, how to phrase it, though... That's easy: "Don't use symbolic method names or do symbolic reference sub calls." The real question where to put it. -- $jhi++; # http://www.iki.fi/jhi/ # There is this special biologist word we use for 'stable'. # It is 'dead'. -- Jack Cohen