[tpm] IO::Socket, perl -T and insecure dependency in bind
Antonio Sun
tpm.ats at spamgourmet.com
Wed Dec 4 07:23:15 PST 2013
On Tue, Dec 3, 2013 at 3:48 PM, Matthew Phillips - mattp at cpan.org wrote:
> Are you running taint mode (perl -T switch) intentionally?
>
That was someone else's code I just inherited, with that -T switch. I
looked at perlrun but still wasn't sure what that switch is for.
> Reading from an external source (ie your conf file) is tainted data (thus
> the warning). See perldoc perlsec (
> http://perldoc.perl.org/perlsec.html#Laundering-and-Detecting-Tainted-Data)
> for more information on how to deal with this. Alternatively, you can
> turn off taint mode.
>
Thanks for the info, now I know what that switch is for and why, and most
importantly, how to untaint it:
    if ($data =~ /^([-\@\w.]+)$/) {
        $data = $1;    # $data now untainted
    } else {
        die "Bad data in '$data'";    # log this somewhere
    }
Thanks again.
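
Added example, not part of the original message or the inherited code: the laundering pattern above applied to the thread's case, a bind address and port read from a configuration source under perl -T and validated before they reach IO::Socket::INET. The config keys bind_addr and bind_port, the helper names and the sample values are assumptions made up for illustration.

```perl
#!/usr/bin/perl -T
# Added example; run as: perl -T bind_untaint.pl
use strict;
use warnings;
use IO::Socket::INET;
use Scalar::Util qw(tainted);

# Only a regex capture clears the taint flag, so each pattern accepts
# nothing but the exact form we intend to hand to bind().
sub untaint_ipv4 {
    my ($value) = @_;
    $value =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/
        or die "Bad bind address in config: '$value'\n";
    my @octets = ($1, $2, $3, $4);
    die "Bad bind address in config: '$value'\n" if grep { $_ > 255 } @octets;
    return join '.', @octets;
}

sub untaint_port {
    my ($value) = @_;
    $value =~ /^(\d{1,5})$/ or die "Bad port in config: '$value'\n";
    my $port = $1;
    die "Bad port in config: '$value'\n" if $port > 65535;
    return $port;
}

# Read key = value pairs. split() keeps the taint on the values; parsing
# with a capturing regex here would silently launder them unvalidated.
my %conf;
while (my $line = <DATA>) {
    chomp $line;
    next if $line eq '' or index($line, '#') == 0;
    my ($key, $val) = split /\s*=\s*/, $line, 2;
    $conf{$key} = $val;
}
print "bind_addr tainted before validation: ", (tainted($conf{bind_addr}) ? 'yes' : 'no'), "\n";

my $addr = untaint_ipv4($conf{bind_addr});
my $port = untaint_port($conf{bind_port});

my $sock = IO::Socket::INET->new(
    LocalAddr => $addr, LocalPort => $port, Proto => 'tcp', Listen => 5,
) or die "bind failed: $@\n";
printf "listening on %s:%d\n", $sock->sockhost, $sock->sockport;

__DATA__
# constructed sample config (port 0 lets the OS pick a free port)
bind_addr = 127.0.0.1
bind_port = 0
```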