[Date Prev][Date Next][Thread Prev][Thread Next] [Search] [Date Index] [Thread Index]

Re: [MacPerl] No Tainting?

To: Kevin Hemenway <info@totalnetnh.net>
Subject: Re: [MacPerl] No Tainting?
From: Ronald J Kimball <rjk@linguist.dartmouth.edu>
Date: Tue, 3 Oct 2000 14:19:40 -0400
Cc: macperl@macperl.org
In-Reply-To: <5.0.0.25.2.20001003132606.00a0a730@mail.totalnetnh.net>; from Kevin Hemenway on Tue, Oct 03, 2000 at 01:36:45PM -0400
References: <5.0.0.25.2.20001003132606.00a0a730@mail.totalnetnh.net>

On Tue, Oct 03, 2000 at 01:36:45PM -0400, Kevin Hemenway wrote:
> I've wanted to use tainting in a script, and have politely added this to my 
> shebang (yes, MacPerl "checks for !# line").
> 
> #!/usr/bin/perl -wT
> 
> Primarily, I develop on the Mac so I can use the wonders of BBEdit 6.0 from 
> Bare Bones (did it again, did you see that Jim? no spanking for that other 
> guy! [injoke to BBEdit-Talk people]). But, I have every intention of my 
> programs running under Windows, Linux, and the Mac as well.
> 
> So, anyways, I turn on -T, and I get an error from MacPerl saying that it's 
> "too late for -T". Doing a Shuck on "taint", "-T", "taint mode" and so 
> forth brings nothing exciting up. Nor does the Camel Book list that error 
> message.
> 
> I know there's a menu item in MacPerl where I can enable taint checking, 
> but that limits me to tainting on the Mac only, which although can prove 
> helpful, doesn't excite me if someone decides to fuxor with the script on 
> other OS's.
> 
> My questions:
> 
>    a) Why can't I use -T on the shebang in MacPerl? (or,
>       if I can, what's my problem?
> 
>    b) Is there any system variable I can set after I
>       determine what OS I'm using?

perldiag:

       Too late for """"-T"""" option

           (X) The #! line (or local equivalent) in a Perl script
           contains the -T option, but Perl was not invoked with
           -T in its command line.  This is an error because, by
           the time Perl discovers a -T in a script, it's too
           late to properly taint everything from the
           environment.  So Perl gives up.
 
           If the Perl script is being executed as a command
           using the #!  mechanism (or its local equivalent),
           this error can usually be fixed by editing the #! line
           so that the -T option is a part of Perl's first
           argument: e.g. change perl -n -T to perl -T -n.
 
           If the Perl script is being executed as perl
           scriptname, then the -T option must appear on the
           command line: perl -T scriptname.


If you want to use taint-checking in MacPerl, you have to turn on the taint
checking menu option.  If you turn taint-checking on with the menu option,
then you can leave the -T on the #! line, so you can distribute your script
to other platforms with taint-checking enforced.


> b) deserves some more info. Right now, I check for my path delimiter by 
> comparing $^0 and then setting $delimiter to whatever I need (: for Mac, 
> etc.). Can I turn on tainting based on this check as well? (ie. live with 
> menu tainting in MacPerl, but turn tainting on for other OS's.)

You might want to use the File::Spec module for determining the delimiter,
as well as other path operations.


Ronald

# ===== Want to unsubscribe from this list?
# ===== Send mail with body "unsubscribe" to macperl-request@macperl.org

References:
- [MacPerl] No Tainting?
  - From: Kevin Hemenway <info@totalnetnh.net>

Prev by Date: [MacPerl] No Tainting?
Next by Date: Re: [MacPerl] dismissing dialogs with glue
Prev by thread: [MacPerl] No Tainting?
Next by thread: Re: [MacPerl] No Tainting?
Navigation: Date Index | Thread Index | Search | Other lists at bumppo.net