Re: perl 5.8.4, IO::Socket, and taint checking


go ahead... be a heretic
	PerlMonks

Re: perl 5.8.4, IO::Socket, and taint checking

by Joost (Canon)

on Jun 11, 2004 at 17:18 UTC ( [id://363479]=note: print w/replies, xml )

Need Help??

in reply to perl 5.8.4, IO::Socket, and taint checking

This really looks like a perl bug to me:

use use Scalar::Util qw(tainted);
print "\$base is ",tainted($base) ? "" : "not ","tainted\n";
my $url = "$base/index.html";
print "\$url is ",tainted($url) ? "" : "not ","tainted\n";
print get($url);
___OUTPUT___
$base is not tainted
$url is not tainted
Insecure dependency in connect while running with -T switch at /usr/li
+b/perl/5.8/IO/Socket.pm line 114.
[download]

While it works if you set $base to some hard-coded value...

Update:

I also upgraded (from 5.8.0 to 5.8.3) so can anyone confirm if this also happens with a "clean" perl 5.8.3 + install ?

"What should it profit a man, if he should win a flame war, yet lose his cool?"

Comment on Re: perl 5.8.4, IO::Socket, and taint checking Download Code

Replies are listed 'Best First'.
Re^2: perl 5.8.4, IO::Socket, and taint checking by cfreak (Chaplain) on Jun 12, 2004 at 05:43 UTC
I have a default install of Fedora Core 1 with 5.8.3 and I don't seem to have the bug. Lobster Aliens Are attacking the world!	[reply]
Re^2: perl 5.8.4, IO::Socket, and taint checking by thunders (Priest) on Jun 12, 2004 at 13:22 UTC
I tested the same script under "perl, v5.8.3 built for i386-linux-thread-multi" which is from Mandrake 10.0's perl-base-5.8.3-5mdk. I did not see any errors like that.	[reply]

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://363479]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others scrutinizing the Monastery: (6)

As of 2024-04-19 12:55 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found