I can't find the full original thread, but somewhere it was suggested
that $^O be removed because it's the same as $OSNAME. Again, I'm against
this; I use it all the time.

However, this got me thinking. Here is an idea I'd like to see: The
existence of a $^T variable for controlling tainting in the same way
that $^W controls warnings. Now *that* would be cool. I realize the
current implementation of tainting requires it starts with the
interpreter, but hey we're rewriting the internals, right?

I know there's the secret "null match untainting trick", but this is
really a kludge after all. I'd love to be able to say:

    local($^T) = 0;
    $ENV{PATH} = read_path();
    local($^T) = 1;

Maybe this could be implemented by telling the "tainter" that any
variables declared while it's "off" are just as safe as hardwired stuff?
Or, maybe the tainter could at least trust anything read from
non-group-writeable files that are owned by the script's owner (a la
Sendmail)? The main problem I have is trying to set up $ENV{PATH} from an
external config file and then run it with -T, even if the config file
and script are in safe locations.

-Nate
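
Added example, not part of the message above: in Perl 5 as it exists, the config-file case described here is handled under -T by checking the file's ownership and mode yourself and then untainting each PATH entry through a strict pattern capture. The config path and its one-line format are assumptions, and the effective UID stands in for "the script's owner".

```perl
#!/usr/bin/perl -T
# Added example: load $ENV{PATH} from a config file under taint mode.
use strict;
use warnings;
use Fcntl qw(:mode);

# Hypothetical location; assumed to hold one line such as "/usr/local/bin:/usr/bin:/bin".
my $CONFIG = '/etc/myapp/path.conf';

sub read_path {
    my ($file) = @_;
    open(my $fh, '<', $file) or die "open $file: $!\n";

    # stat the open handle, not the name, so the checks apply to the file actually read.
    my @st = stat($fh) or die "stat $file: $!\n";
    my ($mode, $uid) = @st[2, 4];
    die "$file is not a regular file\n" unless S_ISREG($mode);
    die "$file is not owned by this user or root\n" unless $uid == $> || $uid == 0;
    die "$file is group- or world-writable\n" if $mode & (S_IWGRP | S_IWOTH);

    my $line = <$fh>;            # data read from a file is tainted
    close($fh);
    die "$file is empty\n" unless defined $line;
    chomp $line;

    my @dirs;
    for my $dir (split /:/, $line, -1) {
        # Only a capture from a match untaints. Require an absolute path made of
        # a conservative character set; an empty entry (meaning cwd) fails here.
        $dir =~ m{\A(/[A-Za-z0-9_.+\-/]*)\z} or die "bad PATH entry '$dir'\n";
        my $clean = $1;
        die "PATH entry '$clean' contains '..'\n" if $clean =~ m{(?:\A|/)\.\.(?:/|\z)};

        # perlsec requires PATH directories to be absolute and not writable by
        # others; this check is stricter and rejects group-writable ones too.
        my @d = stat($clean) or die "stat $clean: $!\n";
        die "$clean is not a directory\n" unless S_ISDIR($d[2]);
        die "$clean is group- or world-writable\n" if $d[2] & (S_IWGRP | S_IWOTH);
        push @dirs, $clean;
    }
    return join ':', @dirs;
}

$ENV{PATH} = read_path($CONFIG);
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};   # the variables perlsec says to clear
print "PATH set to $ENV{PATH}\n";
```

Run it as `perl -T script.pl`; any failed check dies before $ENV{PATH} is assigned, so a rejected config never reaches a later system() or exec().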