I think that if a package deliberately tries to untaint data, and then the data isn't untainted, there will be an error shortly.
Perhaps you could be more specific about what you mean by "untainting things which shouldn't be untainted"? Did you mean globals? Otherwise, I'd think that if a package author untainted data, you should let him have it untainted. If the data wasn't untainted CORRECTLY, that's a bug. But otherwise? =Austin --- "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote: > SUMMARY > > The 'untaintby' property restricts which modules may untaint the data > or > data derived from that data. > > DETAILS > > I was recently using a module I downloaded from CPAN and looking > through > the code I discovered that it untainted certain data that it had no > business untainting (IMHO). The untainting was an unintended > byproduct of > some otherwise useful work. (See my earlier concern about untainting > at > http://makeashorterlink.com/?Y28261A12) > > Now, tainting is a funny thing: it's an admission that maybe your > program > doesn't work quite the way you want it to. I submit that if it's > healthy to > doubt the perfection of your own code (even though you run it), it's > also > healthy to doubt other people's code (even though you use it). I > would feel > a little more comfortable if I could say "I'll hold back the > untainting to > just my own code". > > Here's my little brainstorm. Objects can be marked with a property > called > 'untaintby'. The value of the property is a list of modules that are > allowed to untaint the data. Example: > > my $command is untaintby('MyApp::Commands', 'Util::IdCheck') > = CGI.param('command'); > > Any module that isn't authorized by that list cannot untaint the > data, and > cannot derive untainted data from it. No error results from a class > trying > to do an unauthorized untaint: the data just isn't untainted. > > So, for example, if the data were copied into $privatecmd in > Foo::Bar, that > copied value would inherit the untaintby property. If a regex were > run > against $privatecmd... > > # bad untainting, bad! > $mycmd =~ m|([^!-`])+|; > $newcmd = $1; > > ... $newcmd would also inherit the untaintby property, and would > still be > tainted. Modules may further restrict the untaintby property (i.e, > shorten > the list) but they may not add to it. > > The module that initially sets the untaintby property is by default > included in the list, so to restrict to just the current class you > could > say > > my $command is untaintby() = CGI.param('command'); > > (Hmm, I'm not sure about that, though. It isn't clear just reading > it that > the current module can untaint. What do you think?) > > -Miko > > > > -------------------------------------------------------------------- > mail2web - Check your email from the web at > http://mail2web.com/ . > > __________________________________________________ Do you Yahoo!? Faith Hill - Exclusive Performances, Videos & More http://faith.yahoo.com
