On Wed, Sep 27, 2000 at 07:36:42AM -0000, Perl6 RFC Librarian wrote:
> Tainting should be able to be turned off, as Tom recommends,
> but only if the user turns on the "absolutely, positively,
> do NOT turn on taint mode" switch.
I can see it now -- C<no taint 'really';>.  Really, I don't see why we can't
just have a 'use taint' and 'no taint' pragma.  You have to turn on tainting
at the command line, but other than that, you can turn it on and off (even
C<use taint 'warning'>, possibly) at runtime.  Doing so is probably not a
good idea in the vast majority of cases, but should still be supported.

Perl should have a safety on its guns, but shouldn't prevent you from
shooting yourself in the foot if you really want to.  Otherwise, perl would
be another B&D language.

In specific, I can see a suid script dropping permissions, and then doing a
'no taint' so it can run freely in the end-user's account.  Think
cgi_wrapper without spawning a new interpreter.

        -=- James Mastros
-- 
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GU>CS d->-- s-:- a20 C++ UL+++@ P+++>+++++ L++@ E-() N o? K? w@ M-- !V
PS++ PE Y+ PGP(-) t++@ 5+ X+++ R+ tv+ b+++ DI+ D+ G e>++ h! r- y?
------END GEEK CODE BLOCK------
