willjones has asked for the wisdom of the Perl Monks concerning the following question:

I have checked the httpd.conf file and the perl.conf file that Apache uses and the PerlSwitches -T line is commented out. I did a grep for any file with the word 'taint' ignoring case, but couldn't uncover anything new. I have checked the individual script files and #/usr/bin/perl does not have a -T on it. However, for some reason I am still running in taint mode. I don't understand why. How can I control this? Is there another way of turning taint mode on/off globally for all files? Anyone have an idea as to why my files are still running in taint mode?

Replies are listed 'Best First'.
Re: Taint is always on and I don't know why?
by moritz (Cardinal) on Sep 26, 2008 at 19:34 UTC
    The easiest explanation is that you forgot to restart your web server, and that the old configuration (with PerlSwitches -T not commented out) is still in effect.

    There are other reasons why taint checking might be performed, all of which are documented in perlsec. A common reason is the setuid or setgid bit in the permission mask of the script.

Re: Taint is always on and I don't know why?
by Lawliet (Curate) on Sep 26, 2008 at 19:28 UTC

    How do you know that taint mode is on?

    I'm so adjective, I verb nouns!

    chomp; # nom nom nom
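
An added example, not code from any poster in this thread: a small diagnostic script that answers "how do you know taint mode is on?" and checks the causes raised in the replies above (an active `PerlSwitches -T`, setuid/setgid bits). It assumes the config files to scan are passed as arguments; the check for the mod_perl 1 `PerlTaintCheck On` directive goes beyond what the thread mentions.

```perl
#!/usr/bin/perl
# Added example: report whether taint mode is active and look for common causes.
use strict;
use warnings;

# ${^TAINT}: 1 = taint mode on (-T), -1 = taint warnings only (-t), 0 = off.
sub taint_state {
    return ${^TAINT} == 1  ? 'on (fatal checks)'
         : ${^TAINT} == -1 ? 'on (warnings only)'
         :                   'off';
}

# Perl enables taint mode by itself when real and effective IDs differ,
# which is what happens when a setuid/setgid script is executed.
sub id_mismatch {
    my @gid  = split ' ', $(;
    my @egid = split ' ', $);
    return ($< != $> ? 'uid' : (), $gid[0] != $egid[0] ? 'gid' : ());
}

# Return the setuid/setgid bits set on a file ('' if none or unreadable).
sub special_bits {
    my ($path) = @_;
    my @st = stat $path or return '';
    return join ',', ($st[2] & 04000 ? 'setuid' : ()), ($st[2] & 02000 ? 'setgid' : ());
}

# Find uncommented directives in a config file that switch taint checking on.
sub taint_directives {
    my ($conf) = @_;
    open my $fh, '<', $conf or return ();
    my @hits;
    while (my $line = <$fh>) {
        next if $line =~ /^\s*#/;                       # skip commented-out lines
        push @hits, "$conf:$.: $line"
            if $line =~ /^\s*(?i:PerlSwitches)\b.*\s-\w*T/
            or $line =~ /^\s*PerlTaintCheck\s+On\b/i;   # mod_perl 1 spelling
    }
    return @hits;
}

print "taint mode: ", taint_state(), "\n";
print "real/effective ID mismatch: ", join(',', id_mismatch()) || 'none', "\n";
print "mode bits on $0: ", special_bits($0) || 'none', "\n";
print $_ for map { taint_directives($_) } @ARGV;   # e.g. httpd.conf perl.conf
```

The scan reads the files on disk, not the configuration the running server loaded, so a clean scan while `${^TAINT}` still reports "on" is consistent with a server that has not been restarted since the directive was commented out.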