Re^4: To taint or not to taint?

in reply to Re^3: To taint or not to taint?
in thread To taint or not to taint?

Makes sense.

Which has made me think, I could change my config loader to automatically untaint all the data it loads from a file if the file is writable only by the current user, no?

Comment on Re^4: To taint or not to taint?

Replies are listed 'Best First'.
Re^5: To taint or not to taint? by tilly (Archbishop) on Mar 19, 2009 at 15:46 UTC
That would be a perfectly reasonable change for any non-suid script. Because any damage that can be done by changing that file can be done more easily directly without using your script.	[reply]

In Section Meditations