
Re: [MacPerl] Taint Checks



At 12.35 11/18/97, Bart Lateur wrote:
>I thought that, on a Unix box, this applied mostly to preventing
>dangerous things from happening, especially relating to calling external
>programs (command lines), but what does it mean on a Mac?

Same thing.  It is not just related to external programs, though.  Some
problems might involve an eval, where anything can happen.  Common problems
will be with filenames:

How about this little dandy:

my $file = $cgi->param('filename');
open(F,">mydirectory:$file") || die($!);

That's fine, right?  Well, what if $file is '::index.html'?  It just went
back one directory and wiped out a file.

Taint checking is not always necessary, and less necessary on a Mac than on
Unix, but it is good practice nonetheless, IMO.

--
Chris Nandor               pudge@pobox.com           http://pudge.net/
%PGPKey=('B76E72AD',[1024,'0824 090B CE73 CA10  1FF7 7F13 8180 B6B6'])
#==                    MacPerl: Power and Ease                     ==#
#==    Publishing Date: Early 1998. http://www.ptf.com/macperl/    ==#
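
Added example (not part of the original message, and not the poster's code): one way to untaint the filename from the snippet above with an allowlist before it reaches open. The name safe_name and the sample inputs are constructed for illustration; run it with perl -T to see the taint flags take effect.

```perl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Zero-length tainted string: %ENV values are tainted under -T, and taint
# propagates through substr and concatenation. Without -T nothing is tainted.
my $TAINT = substr(join('', values %ENV), 0, 0);

# Return an untainted bare file name, or nothing if the input is not one.
# Allowlist: first character a letter or digit, then letters, digits,
# '_', '.' or '-', 31 characters at most (the classic Mac OS name limit).
# That excludes ':' (the Mac path separator; a leading '::' climbs one
# directory), '/' and '\' on other systems, and embedded NUL bytes.
sub safe_name {
    my ($input) = @_;
    return unless defined $input;
    # A successful capture is what untaints the value under -T.
    return $1 if $input =~ /\A([A-Za-z0-9][A-Za-z0-9_.-]{0,30})\z/;
    return;
}

# Constructed sample inputs standing in for $cgi->param('filename').
for my $raw ('report.txt', '::index.html', '../index.html', "ok.txt\0.html", '') {
    my $input = $raw . $TAINT;          # tainted under -T, like real CGI input
    my $name  = safe_name($input);
    (my $shown = $raw) =~ s/\0/\\0/g;   # make the NUL byte visible in output
    my $verdict = defined $name
        ? "open >mydirectory:$name (tainted=" . (tainted($name) ? 1 : 0) . ")"
        : 'rejected';
    printf "%-18s tainted=%d => %s\n", "'$shown'", tainted($input) ? 1 : 0, $verdict;
}
```

Under -T, passing the unvalidated value straight to open for writing dies with an "Insecure dependency" error, so the allowlist is the only route by which a name reaches the filesystem.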



