[tpm] IO::Socket, perl -T and insecure dependency in bind

Antonio Sun tpm.ats at spamgourmet.com
Wed Dec 4 07:23:15 PST 2013

On Tue, Dec 3, 2013 at 3:48 PM, Matthew Phillips - mattp at cpan.org wrote:

Are you running taint mode (perl -T switch) intentionally?

That was someone else's code I just inherited, with that -T switch. I
looked at perlrun but still wasn't sure what that switch is for.

> Reading from an external source (ie your conf file) is tainted data (thus
> the warning). See perldoc perlsec (
> http://perldoc.perl.org/perlsec.html#Laundering-and-Detecting-Tainted-Data) for more information on how to deal with this. Alternatively, you can
> turn off taint mode.

Thanks for the info, now I know what that switch is for and why, and most
importantly, how to untainted it:

   1. if ($data =~ /^([-\@\w.]+)$/) {
   2. $data = $1; # $data now untainted
   3. } else {
   4. die <http://perldoc.perl.org/functions/die.html> "Bad data in '$data'"
   ; # log this somewhere
   5. }

Thanks again.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.pm.org/pipermail/toronto-pm/attachments/20131204/1e129868/attachment.html>

More information about the toronto-pm mailing list