no re 'taint' -- does not work #892

Closed
p5pRT opened this issue Nov 24, 1999 · 4 comments

p5pRT commented Nov 24, 1999

Migrated from rt.perl.org#1824 (status was 'resolved')

Searchable as RT1824$

p5pRT commented Nov 24, 1999

From @muir

---------------- cut here -----------------------
#!/bin/sh
exec env PT=zz/yy perl -Tx $0
#!/usr/local/bin/perl -T

no re 'taint';
my $pcold = "/yy";
my $tainted;
if ($ENV{'PT'} =~ m,^(.*)\Q$pcold\E$,) {
  $tainted = "$1/pp";
}

print (STDERR is_tainted($tainted) ? "TAINTED\n" : "NOT TAINTED\n");

sub is_tainted
{
  return ! eval {
  join('',@_), kill 0;
  1;
  };
}
---------------- cut here -----------------------

The above prints "TAINTED" on 5.005_02 and 5.005_03.

It shouldn't.

Interestingly enough, substituting "/yy" for "\Q$pcold\E" fixes
the problem. Why?

Thanks,
-Dave

Perl Info


Site configuration information for perl 5.00502:

Configured by markm at $Date: 1999/01/17 09:53:34 $.

Summary of my perl5 (5.0 patchlevel 5 subversion 2) configuration:
  Platform:
    osname=freebsd, osvers=3.0-current, archname=i386-freebsd
    uname='freebsd 3.0-current #0: '
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=undef useperlio=undef d_sfio=undef
  Compiler:
    cc='cc', optimize='undef', gccversion=2.7.2.1
    cppflags=''
    ccflags =''
    stdchar='char', d_stdstdio=undef, usevfork=true
    intsize=4, longsize=4, ptrsize=4, doublesize=8
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    alignbytes=4, usemymalloc=n, prototype=define
  Linker and Libraries:
    ld='ld', ldflags ='-Wl,-E '
    libpth=/usr/lib
    libs=-lm -lc -lcrypt
    libc=undef, so=so, useshrplib=true, libperl=libperl.so.3
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags=' '
    cccdlflags='-DPIC -fpic', lddlflags='-shared '

Locally applied patches:
    


@INC for perl 5.00502:
    /usr/libdata/perl/5.00502/mach
    /usr/libdata/perl/5.00502
    /usr/local/lib/perl5/site_perl/5.005/i386-freebsd
    /usr/local/lib/perl5/site_perl/5.005
    .


Environment for perl 5.00502:
    HOME=/home/muir
    LANG (unset)
    LD_LIBRARY_PATH=.:/usr/lib:/usr/local/lib
    LOGDIR (unset)
    PATH=.:/home/muir/bin/idiom:/home/muir/bin:/home/muir/bin/share:/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/shbin:/usr/local/sbin:/usr/local/bin:/usr/local/ptybin:/usr/X11R6/bin:/usr/bin/X11:/usr/local/tex/bin:/usr/ucb:/usr/bin:/bin:/etc:/usr/etc:/usr/games:/lib:/usr/lib:/usr/local/java/bin:/usr/lib/uucp:/usr/openwin/bin:/usr/openwin/bin/xview:/usr/openwin/demo:/usr/adm:/home/muir/tmp
    PERL_BADLANG (unset)
    SHELL=/bin/tcsh

p5pRT commented Dec 11, 2000

From [Unknown Contact. See original ticket]

This appears to still be true in bleadperl.

#!/bin/sh
exec env PT=zz/yy perl -Tx $0
#!/usr/local/bin/perl -T

no re 'taint';
my $pcold = "/yy";
my $tainted;
if ($ENV{'PT'} =~ m,^(.*)\Q$pcold\E$,) {
  $tainted = "$1/pp";
}

print (STDERR is_tainted($tainted) ? "TAINTED\n" : "NOT TAINTED\n");

sub is_tainted
{
  return ! eval {
  join('',@_), kill 0;
  1;
  };
}
---------------- cut here -----------------------

The above prints "TAINTED" on 5.005_02 and 5.005_03.

It shouldn't.

Interestingly enough, substituting "/yy" for "\Q$pcold\E" fixes
the problem. Why?

Thanks,
-Dave

p5pRT commented Jul 14, 2003

From @rspier

chromatic says:
#1824 does the right thing on 5.6.0 and 5.8.0.

p5pRT commented Jul 14, 2003

@rspier - Status changed from 'open' to 'resolved'
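
The reproduction in this ticket can be turned into a regression check for a given perl build. The script below is an added example, not code from the ticket or from the Perl project; it assumes Perl 5.8 or later (for `${^TAINT}` and `Scalar::Util::tainted`), and the `note` helper and the `retaint_check.pl` file name are hypothetical. It goes slightly beyond the ticket by also checking that `use re 'taint'` keeps captures tainted and that a nested `no re 'taint'` switches that off again.

```perl
#!/usr/bin/perl -T
# Added example, not code from the ticket.
# Run as: PT=zz/yy perl -T retaint_check.pl   (the file name is arbitrary)
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "taint mode is off; run with perl -T\n" unless ${^TAINT};
my $input = $ENV{PT};    # environment values are tainted under -T
die "set PT=zz/yy in the environment\n" unless defined $input;
die "PT is unexpectedly untainted\n" unless tainted($input);

my $pcold = "/yy";       # untainted literal, as in the ticket
my @checks;              # each entry: [description, expected, observed]
sub note { push @checks, [$_[0], $_[1], tainted($_[2]) ? 1 : 0] }

# The capture is copied in its own statement inside the if block, as in the
# ticket, so the result reflects only the taint state of $1.
{   # Pragma off (the default): captures should come back untainted.
    no re 'taint';
    if ($input =~ m{^(.*)/yy$})          { my $out = "$1/pp"; note('off, literal /yy', 0, $out) }
    if ($input =~ m{^(.*)\Q$pcold\E$})   { my $out = "$1/pp"; note('off, \Q$pcold\E', 0, $out) }
}
{   # Pragma on: captures taken from tainted input must stay tainted.
    use re 'taint';
    if ($input =~ m{^(.*)\Q$pcold\E$})   { my $out = "$1/pp"; note('on, \Q$pcold\E', 1, $out) }
    {   # An inner scope switches the pragma off again.
        no re 'taint';
        if ($input =~ m{^(.*)\Q$pcold\E$}) { my $out = "$1/pp"; note('on, then off inside', 0, $out) }
    }
}
die "PT must end in /yy so that all four patterns match\n" unless @checks == 4;

my $failed = 0;
for my $check (@checks) {
    my ($desc, $want, $got) = @$check;
    my $ok = $want == $got;
    $failed++ unless $ok;
    printf "%-22s expected=%d tainted=%d %s\n", $desc, $want, $got, $ok ? 'ok' : 'MISMATCH';
}
exit($failed ? 1 : 0);
```

A non-zero exit status means at least one capture's taint state did not follow the lexical `re 'taint'` setting, which is the symptom reported above for 5.005_02 and 5.005_03.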
