PerlMonks  

Re: Trojan Horse? (taint mode)

by mattr (Curate)
on Nov 26, 2001 at 12:56 UTC ( #127508=note )


in reply to Trojan Horse? (taint mode)

I can't figure out why you would ever want to execute/eval untainted CGI input as-is. And I don't know if I'd trust Perl's CGI tainting to keep my evals safe from those curly brackets.. paranoia is good there.

As far as standard input, you are worried about a user maliciously erasing all their own files? Or are you allowing users to run suid? Context?

update 2002.1.26 sorry I missed your/blakem's quotation.


Re: Re: Trojan Horse? (taint mode)
by IraTarball (Monk) on Nov 26, 2001 at 21:37 UTC
    The context is general knowledge. This all started when I read the passage I tersely quoted and blakem included in full. It's not to solve a specific implementation problem, but rather to ensure understanding so that I can avoid specific implementation problems.

    I can't figure out why you would ever want to execute/eval untainted CGI input as-is

    Yeah, that does sound dangerous. That's why the quoted material caught my attention. It seems to imply that code could be evaluated without my express permission but instead simply because I put it in double quotes. That kinda freaked me out.

    Thanks,

    Ira,

    "So... What do all these little arrows mean?"
    ~unknown
