5.6 untained glob (Re: glob)


Pathologically Eclectic Rubbish Lister
	PerlMonks

5.6 untained glob (Re: glob)

by tye (Cardinal)

on Jan 24, 2001 at 18:54 UTC ( #53985=note: print w/ replies, xml )

Need Help??

in reply to glob

Running a test I find that readdir() doesn't return tainted data so 5.6's glob()s (there are choices of several now) shouldn't either (or readdir() is also broken) since they just do readdir() and return a subset of the values.

I would certainly understand claiming that both readdir() and new glob()s should return tainted data (I could also understand automatically untainting any file names that don't contain unusual characters).

Note also that just trying to do a glob() prior to 5.6 should fail if running in taint mode as doing the glob() is just opening up a huge list of security holes. ):

- tye (but my friends call me "Tye")

Comment on 5.6 untained glob (Re: glob)

In Section Seekers of Perl Wisdom

Node Status^?

node history
Node Type: note [id://53985]
help

Chatterbox^?

How do I use this? | Other CB clients

Other Users^?

Others musing on the Monastery: (6)

As of 2013-05-23 05:28 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Voting Booth^?

The best material for plates (tableware) is:

Results (473 votes), past polls