[sf-perl] randomize particular lines

Quinn Weaver qw at sf.pm.org
Tue Mar 7 10:53:38 PST 2006


On Tue, Mar 07, 2006 at 10:36:40AM -0800, Chris Palmer wrote:
> Joseph Brenner writes:
> 
> > I don't use -T on non-cgi scripts myself...
> 
> You really should. Any warning you get as a result of taint checking is
> in fact a real, live security bug. Taint mode has no false alarms.

By the way, for those who are interested, some Berkeley researchers
presented a "taint checker" for C++ at CodeCon.  (It's actually a
general-purpose parser that tracks "data flow" statically, i.e.
in source code.  Pretty amazing, considering that it can handle
templates properly.)  They ran the Linux kernel through it and
found six unnoticed security bugs(!)

The team includes SF Perl Monger Daniel S. Wilkerson.
This page by him is a great starting point:
http://www.cs.berkeley.edu/~dsw/oink.html

--
qw (Quinn Weaver); #President, San Francisco Perl Mongers
=for information, visit http://sf.pm.org/weblog =cut
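Added example, not from the thread: a plain command-line script run under -T, showing that an @ARGV value is tainted, that passing it to system() dies, and that only a regex capture untaints it. The script name and the accepted-character pattern are assumptions.

```perl
#!/usr/bin/perl -T
# Run as:  perl -T taint_demo.pl some_name
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Under -T, anything that came from outside the program (@ARGV, %ENV, STDIN,
# file contents) is tainted, and system/exec/open-for-write/unlink with it die.
# %ENV is also tainted, so clean it before any system() call (per perlsec).
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
$ENV{PATH} = '/bin:/usr/bin';

my $name = shift(@ARGV) // die "usage: $0 NAME\n";
print "tainted before check: ", (tainted($name) ? "yes" : "no"), "\n";   # yes

# Direct use of the tainted value: dies with
# "Insecure dependency in system while running with -T switch".
# The list form of system() does not help; the data itself is still tainted.
eval { system('/bin/echo', $name) };
print "direct use: ", ($@ ? "blocked: $@" : "allowed\n");

# The only way to launder taint is a regex capture, so the pattern *is*
# the validation: accept only the characters this program can safely pass on.
my ($safe) = $name =~ /\A([\w.-]+)\z/
    or die "refusing unsafe input: $name\n";
print "tainted after check: ", (tainted($safe) ? "yes" : "no"), "\n";    # no

# Now permitted under -T: clean PATH, untainted argument, no shell involved.
system('/bin/echo', "hello, $safe") == 0 or die "echo failed: $?\n";
```

A capture like `/(.*)/` would also untaint, which is exactly the bug taint mode cannot catch for you; the pattern has to reject what the downstream call cannot handle.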

