Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister
 
PerlMonks  

Re: Trojan Horse? (taint mode)

by mattr (Curate)
on Nov 26, 2001 at 12:56 UTC ( #127508=note: print w/ replies, xml ) Need Help??


in reply to Trojan Horse? (taint mode)

I can't figure out why you would ever want to execute/eval untainted CGI input as-is. And I don't know if I'd trust Perl's CGI tainting to keep my evals safe from those curly brackets.. paranoia is good there.

As far as standard input, you are worried about a user maliciously erasing all their own files? Or are you allowing users to run suid? Context?

update 2002.1.26 sorry I missed your/blakem's quotation.


Comment on Re: Trojan Horse? (taint mode)
Re: Re: Trojan Horse? (taint mode)
by IraTarball (Monk) on Nov 26, 2001 at 21:37 UTC
    The context is general knowledge. This all started when I read the passage I tersely quoted and blakem included in full. It's not to solve a specific implementation problem, but rather to ensure understanding so that I can avoid specific implementation problems.

    I can't figure out why you would ever want to execute/eval untainted CGI input as-is

    Yeah, that does sound dangerous. That's why the quoted material caught my attention. It seemes to imply that code could be evaluated without my express permission but instead simply because I put it in double quotes. That kinda freaked me out.

    Thanks,

    Ira,

    "So... What do all these little arrows mean?"
    ~unknown

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://127508]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others chilling in the Monastery: (5)
As of 2014-12-20 21:20 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (99 votes), past polls