http://www.perlmonks.org?node_id=368451

arthas has asked for the wisdom of the Perl Monks concerning the following question:

Hi All!

I've got a question about Perl pragmas. I know that instead of -w compiler switch, I can say:

use warnings;

at the top of my code, which is a lot cooler. ;-) Also, I can specify other interesting pragmas such as diagnostics and strict.

My question is: why isn't there a taint pragma? Without it, one is forced to use the -T interpreter switch in the shebang line. Is there a reason (something that has to do with perl internals) that motivates its absence? This is not a big problem at all, but I'm kinda curious. ;-)

Thanks, Michele.

Re: use taint
by Tomte (Priest) on Jun 21, 2004 at 14:28 UTC

    Because with a pragma, the interpreter would have to start running your code in untainted mode, rendering the whole point of using taint mode moot.

    I suggest reading perlsec thoroughly.

    regards,
    tomte


    An intellectual is someone whose mind watches itself.
    -- Albert Camus

Re: use taint
by hardburn (Abbot) on Jun 22, 2004 at 13:17 UTC

    It's under the re pragma (which alters regular expression behavior, which is more or less what taint mode is). However, AFAIK, saying use re 'taint'; has no effect. It's mostly there so you can say no re 'taint'; to shut off taint mode for a given lexical scope.

    ----
    send money to your kernel via the boot loader.. This and more wisdom available from Markov Hardburn.

      hmm, the way I read the docs suggests that use re 'taint'; does not enable global taint mode as perl -[Tt] does; if it is active, the regex engine's memory vars (and the match operator's return values in list context) will be tainted if the input that's matched against was tainted -- no re 'taint'; is used to disable these effects for certain code blocks.

      AFAI understand this, the purpose of this module is to tighten security in taint-mode a bit – you can only untaint data in blocks in which no re 'taint' is active...

      regards,
      tomte


      An intellectual is someone whose mind watches itself.
      -- Albert Camus

        Right, use re 'taint'; doesn't appear to do anything useful:

        $ perl -e 'use re "taint"; open FH, pop; close FH;' ">somefile"
        $ perl -T -e 'open FH, pop; close FH;' ">somefile"
        Insecure dependency in open while running with -T switch at -e line 1.
        $ perl -v
        This is perl, v5.8.2 built for i686-linux
        . . .

        Its purpose is basically so you can have the orthogonal operation, no re 'taint';, which is useful (sort of . . . ).

        ----
        send money to your kernel via the boot loader.. This and more wisdom available from Markov Hardburn.
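Putting tomte's reading of the docs and hardburn's terminal run together, here is an added example that is not from the thread: a script to run under perl -T that untaints a filename with a regex capture, shows that the same capture stays tainted inside a use re 'taint' scope, and then attempts an open for writing with each. The script name, the [\w.-] character class and the temp-directory write are my assumptions.

```perl
#!/usr/bin/perl -T
# Constructed example (not from the thread): a regex capture from tainted
# input is untainted by default, but stays tainted under use re 'taint'.
# Run as:  perl -T re_taint_demo.pl report.txt
# -T must be given on the command line; no pragma can switch taint mode on.
use strict;
use warnings;
use Scalar::Util qw(tainted);
use File::Temp   qw(tempdir);

my ($raw) = @ARGV;                       # everything in @ARGV is tainted under -T
die "usage: perl -T $0 <filename>\n" unless defined $raw;

# Default behaviour: the capture from a tainted string is untainted. The
# character class is the whole security check, so keep it conservative.
sub untaint_filename {
    my ($s) = @_;
    return $s =~ /\A([\w.-]+)\z/ ? $1 : undef;
}

# Same pattern, but with use re 'taint' in lexical scope: the capture is
# still tainted, so this sub cannot be used to launder the input.
sub capture_under_re_taint {
    use re 'taint';
    my ($s) = @_;
    return $s =~ /\A([\w.-]+)\z/ ? $1 : undef;
}

my $clean = untaint_filename($raw);
die "rejected: '$raw' has characters outside [\\w.-]\n" unless defined $clean;
my $still = capture_under_re_taint($raw);

printf "argument tainted:              %d\n", tainted($raw)   ? 1 : 0;
printf "default capture tainted:       %d\n", tainted($clean) ? 1 : 0;
printf "capture under use re 'taint':  %d\n", tainted($still) ? 1 : 0;

# Opening a file for writing is one of the operations taint mode guards;
# the tainted name dies with "Insecure dependency", the untainted one works.
my $dir = tempdir(CLEANUP => 1);
for my $name ($still, $clean) {
    my $ok = eval { open(my $fh, '>', "$dir/$name") or die "open: $!\n"; close $fh; 1 };
    my $err = $@; chomp $err;
    printf "open '>' with %s name: %s\n",
        tainted($name) ? 'tainted  ' : 'untainted',
        $ok ? 'succeeded' : "died: $err";
}
```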