New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Made Proc::Daemon internally taint safe by untainting pids read from any external source. #2

Merged
merged 1 commit into from Jan 25, 2015

Conversation

Projects
None yet
2 participants
@rvandam
Contributor

rvandam commented Jan 25, 2015

Also, added a new test which re-runs the primary 02_testmodule.t in taint mode. (I only tested on linux so hopefully this works in non-unix environments like Win32).

I added a comment in the pod to indicate that Proc::Daemon is now taint safe if not passed any tainted parameters. That is to say that Proc::Daemon will no longer be the source of any tainted data, particularly from get_pid (as it used to). However, since it uses commands like 'chdir' and 'exec' internally, you might still get a fatal error in taint mode if you pass it tainted data. That seems reasonable to me since Proc::Daemon has no safe way of untainting such data; it should therefore be the caller's responsibility.

Made Proc::Daemon internally taint safe by untainting pids read
from any external source. Also, added a new test which re-runs
the primary 02_testmodule.t in taint mode

akreal added a commit that referenced this pull request Jan 25, 2015

Merge pull request #2 from rvandam/taint-safe
Made Proc::Daemon internally taint safe by untainting pids read from any external source.

@akreal akreal merged commit 0720e10 into akreal:master Jan 25, 2015

@akreal

This comment has been minimized.

Show comment
Hide comment
@akreal

akreal Jan 25, 2015

Owner

Thank you!

Owner

akreal commented Jan 25, 2015

Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment