>>>>> "John" == John Doe <[EMAIL PROTECTED]> writes:

John> Imagine the above tainted() without the '#' in the evaled string, and $data
John> contains 'system ("rm -rf;")':
John> 1. $nada would be executed
John> 2. the quotes around the evaled string would not be necessary

But this is still broken.  Imagine the string containing
"\n system q{rm -rf /};"

Ooops!

When *I* was in charge of the camel book (first and second editions),
such crap would never have remained. {sigh}

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
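
The point made in the message above, as an added example that is not part of the original thread or of the book's code: a `#` in front of interpolated data only comments out the first line of a string `eval`, so data containing a newline is executed. The helper name `eval_as_comment`, the `"# $data"` form of the evaled string and both payloads are assumptions constructed for this illustration; the payloads only set a flag.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Scalar::Util qw(tainted);

our $ran = 0;    # set by the constructed payloads if they get executed

# Assumed shape of the pattern under discussion: the data is interpolated
# after a '#' and the resulting string is handed to eval. The comment
# ends at the first newline, so it protects only the first line.
sub eval_as_comment {
    my ($data) = @_;
    local $@;
    $ran = 0;
    eval "# $data";
    return $ran;    # 1 means the data ran as Perl code
}

# Constructed, harmless payloads: each one only sets $main::ran.
my $one_line = '$main::ran = 1;';
my $two_line = "\n \$main::ran = 1;";

printf "single line:  executed=%d\n", eval_as_comment($one_line);
printf "with newline: executed=%d\n", eval_as_comment($two_line);

# Scalar::Util::tainted inspects the scalar's taint flag and never
# evaluates the data, so the content of the string cannot matter.
# It reports taintedness only when perl runs in taint mode (-T).
printf "tainted():    %s\n", tainted($two_line) ? "yes" : "no";
```

Only the payload that starts with a newline reports `executed=1`; the `Scalar::Util::tainted` call gives a taint check with no `eval` of the data involved.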