From e07cc68f8a7ef64c28e2cf0e1c6626cd26b9a877 Mon Sep 17 00:00:00 2001 From: Hugo van der Sanden Date: Wed, 25 Oct 2023 16:37:57 +0100 Subject: [PATCH] perlsec: minor taint edit Paragraph signalling option to disable taint landed in the middle of another sentence, breaking it. --- pod/perlsec.pod | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/pod/perlsec.pod b/pod/perlsec.pod index 8c9f96609008..064281d9518e 100644 --- a/pod/perlsec.pod +++ b/pod/perlsec.pod @@ -45,7 +45,13 @@ these. Other checks, however, are best supported by the language itself, and it is these checks especially that contribute to making a set-id Perl program more secure than the corresponding C program. -You may not use data derived from outside your program to affect +Support for taint checks adds an overhead to all Perl programs, +whether or not you're using the taint features. +Perl 5.18 introduced C preprocessor symbols that can +be used to disable the taint features. + +When taint is enabled, +you may not use data derived from outside your program to affect something else outside your program--at least, not by accident. All command line arguments, environment variables, locale information (see L), results of certain system calls (C, @@ -56,11 +62,6 @@ Tainted data may not be used directly or indirectly in any command that invokes a sub-shell, nor in any command that modifies files, directories, or processes, B: -Support for taint checks adds an overhead to all Perl programs, -whether or not you're using the taint features. -Perl 5.18 introduced C preprocessor symbols that can -be used to disable the taint features. - =over 4 =item *