No subject provided #891

p5pRT opened this issue Nov 24, 1999 · 1 comment


p5pRT commented Nov 24, 1999

Migrated from (status was 'resolved')

Searchable as RT1823$

p5pRT commented Nov 24, 1999

From @muir

I've long believed that the way to untaint something was to do a
regex match against it and then use one of the numbered matches...

The following code shows that this does not always work:

--------------------- cut here -----------------
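exec env PT=zz/yy perl -Tx $0
#!/usr/local/bin/perl -T

my $pcold = "/yy";
my ($tainted, $nottainted);
# Capture everything before $pcold from a tainted environment value.
if ($ENV{'PT'} =~ m,^(.*)\Q$pcold\E$,) {
  $tainted = "$1/pp";
}
# Same match, but with a character class in the capture.
if ($ENV{'PT'} =~ m,^([.]*)\Q$pcold\E$,) {
  $nottainted = "$1/pp";
}

print (STDERR is_tainted($tainted) ? "TAINTED\n" : "NOT TAINTED\n");
print (STDERR is_tainted($nottainted) ? "TAINTED\n" : "NOT TAINTED\n");

# Taint test from perlsec: the eval dies if any argument is tainted.
sub is_tainted
{
  return ! eval {
    join('',@_), kill 0;
    1;
  };
}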
--------------------- cut here -----------------

Correct behavior would be to print "NOT TAINTED" twice.

Interestingly enough, the taintedness of the variable showed up
a little late.

  $tainted above got inserted into @​INC
  A module was found in the directory $tainted
  In that module, fastcwd() was called. It died in

This is also true with 5.005_03.

Perl Info

Site configuration information for perl 5.00502:

Configured by markm at $Date: 1999/01/17 09:53:34 $.

Summary of my perl5 (5.0 patchlevel 5 subversion 2) configuration:
    osname=freebsd, osvers=3.0-current, archname=i386-freebsd
    uname='freebsd 3.0-current #0: '
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=undef useperlio=undef d_sfio=undef
    cc='cc', optimize='undef', gccversion=
    ccflags =''
    stdchar='char', d_stdstdio=undef, usevfork=true
    intsize=4, longsize=4, ptrsize=4, doublesize=8
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    alignbytes=4, usemymalloc=n, prototype=define
  Linker and Libraries:
    ld='ld', ldflags ='-Wl,-E '
    libs=-lm -lc -lcrypt
    libc=undef, so=so, useshrplib=true,
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags=' '
    cccdlflags='-DPIC -fpic', lddlflags='-shared '

Locally applied patches:

@INC for perl 5.00502:

Environment for perl 5.00502:
    LANG (unset)
    LOGDIR (unset)
    PERL_BADLANG (unset)
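
The untaint-by-capture mechanism this report relies on, as an added example that is not part of the original report and does not reproduce the reported behaviour. It checks each result with `Scalar::Util::tainted` and must be run with `perl -T`; `untaint_relpath`, `yn`, `@dirs` and the sample strings are hypothetical names and constructed values.

```perl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "run as: perl -T $0\n" unless ${^TAINT};

# Hypothetical helper: return an untainted copy of $value if it is a plain
# relative path, otherwise undef. The capture is what clears the taint flag,
# so the pattern is anchored and lists only the characters we accept.
sub untaint_relpath {
    my ($value) = @_;
    return undef if $value =~ m{(?:\A|/)\.\.(?:/|\z)};    # no ".." component
    return $value =~ m{\A([A-Za-z0-9_][A-Za-z0-9_./-]*)\z} ? $1 : undef;
}

sub yn { return $_[0] ? 'yes' : 'no' }

# Zero-length but tainted string; appending it taints the constructed samples.
my $taint = substr(join('', $^X, values %ENV), 0, 0);

my @dirs;    # hypothetical search list, standing in for @INC
for my $sample ('zz/yy', '../zz', 'zz yy') {
    my $raw   = $sample . $taint;
    my $clean = untaint_relpath($raw);
    printf "%-8s input tainted: %-3s accepted: %-3s result tainted: %s\n",
        "'$sample'", yn(tainted($raw)), yn(defined $clean), yn(tainted($clean));

    # Verify instead of assuming: only a defined, untainted value is used.
    push @dirs, "$clean/pp" if defined $clean && !tainted($clean);
}
print "search list: @dirs\n";

# With "use re 'taint'" in scope the same kind of capture keeps its taint,
# which suits matches that are meant to parse rather than to validate.
{
    use re 'taint';
    my ($kept) = ('zz/yy' . $taint) =~ m{\A(.*)/yy\z};
    print "capture under re 'taint' tainted: ", yn(tainted($kept)), "\n";
}
```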
