This and other RFCs are available on the web at
http://dev.perl.org/rfc/
=head1 TITLE
Extend the window to turn on taint mode
=head1 VERSION
Maintainer: Adam Turoff <[EMAIL PROTECTED]>
Date: Sep 14 2000
Mailing List: [EMAIL PROTECTED]
Number: 227
Version: 1
Status: Developing
=head1 ABSTRACT
Taint mode must be turned on when Perl is invoked. This is frequently
done using:
perl -T foo.pl
or using a preamble like this:
#!/usr/bin/perl -T
However, using the #! mechanism to turn on tainting causes
problems with other perl idioms, such as:
perl -c foo.pl
This dependency should be removed.
=head1 DESCRIPTION
According to the perlrun manpage description of the -T
runtime flag:
[...] For security reasons, this option must be
seen by Perl quite early; usually this means it must
appear early on the command line or in the #! line
for systems which support that construct.
Perl complains when the -T flag is used with the #!
mechanism, and perl is explicitly invoked on the
commandline without the -T flag:
$ cat foo.pl
#!/usr/bin/perl -T
print "Success!\n";
$ perl foo.pl
Too late for "-T" option at foo.pl line 1.
$ perl -c foo.pl
Too late for "-T" option at foo.pl line 1.
$ perl -Tc foo.pl
foo.pl syntax OK
$ perl -T foo.pl
Success!
This RFC proposes that when Perl is explicitly invoked
on the commandline, and runs a script that contains the
-T option on the #! line, Perl should just turn on
taint mode and not complain about it.
=head1 MIGRATION ISSUES
None.
=head1 IMPLEMENTATION
The call sequence which is used to turn on taint mode
should be modified to handle the scenario described
above.
=head1 REFERENCES
perlsec manpage
perlrun manpage
