Beefy Boxes and Bandwidth Generously Provided by pair Networks
more useful options
 
PerlMonks  

Re^3: Taint mode limitations

by chromatic (Archbishop)
on Nov 03, 2012 at 18:24 UTC ( #1002129=note: print w/replies, xml ) Need Help??


in reply to Re^2: Taint mode limitations
in thread Taint mode limitations

However, I suspect that (c) would strongly encourage people to clean and untaint() their user intputs as soon as they acquire them...

Regardless of the existence or presence of taint mode, secure applications do this already.

I understand your argument (reusing capture groups for untainting was a mistake of the premature reuse of a feature), but I don't see the current situation as an onerous burden. Even without taint mode I would still write my code to perform input validation at the edges of the program, just as I handle encoding concerns at IO boundaries.

Replies are listed 'Best First'.
Re^4: Taint mode limitations
by Anonymous Monk on Nov 04, 2012 at 15:56 UTC
    I understand your argument (reusing capture groups for untainting was a mistake of the premature reuse of a feature), but I don't see the current situation as an onerous burden.

    That's interesting and is getting me to wonder if I am not worrying about scenarios that don't happen in practice.

    What do you make of the various situations that I outline in this page: http://www.perlmonks.org/?node_id=1002207. Are these things that typically don't happen in practice? And if so, can you explain why that is? Or maybe you don't find that checking for taintedness before every print to STDOUT, every regexp match and every call to a third party library is not onerous, and you feel confident that you never forget to do it?

    BTW: I am not saying this to be sarcastic. I am more than open to the possibillity that I am imagining nightmare scenarios that don't happen in practice. I am also more than open to the possibilities that some programmers are able to think about checking for taintedness before every print, regexp match or third party library call (I'm just not one of them ;-)).

      Well, you're missing the obvious point that taint was designed to avoid DIRTY data from messing up system calls, and tainted data doesn't break print -- A browser/website vulnerable to XSRF is about 11 domains removed from domain of taint -- not taints job

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1002129]
help
Chatterbox?
[tye]: apropos my several mentions of audit
[Corion]: At least my (non-SELinux) Debian has that config thing set. I don't have non-Debian machines handy (except Android)
[Corion]: My Android phone also has /proc/self/ loginuid, but that displays -1 (resp. 4GB). That might be because the phone is rooted.
[tye]: -1 means nobody logged in or the process was started before audit got booted
[davido]: ok, on my ubuntu system getlogin grabs from /proc/self/ loginuid (per strace)
[tye]: disable /proc and then see what it does?
[davido]: then it reads from /etc/passwd to decide who my uid is.
[davido]: sorry, typed that before you asked me to disable proc

How do I use this? | Other CB clients
Other Users?
Others wandering the Monastery: (6)
As of 2017-06-23 20:00 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    How many monitors do you use while coding?















    Results (554 votes). Check out past polls.