Ariel Scolnicov wrote:
>
> Unfortunately, this would mean your example above doesn't quite work.
> One possibility is to say that $^T controls taint *checking*, but not
> tainting itself[1]!
This is actually a good distinction that's worth some more discussion.
One could set the implementation so that you still had to use -T if you
wanted tainting, but could selectively turn taint *checking* off in a
scope by setting $^T = 0 (trusting any *data* used).
So perhaps:
#! perl -T
# [ ... ]
{ local $^T = 0; $ENV{PATH} = $unsafe_data; }
# [ ... ]
system "sh -c echo 'Hello, world!'"; # ?????
However, the question here is: "Would $ENV{PATH} be tainted?" If so, I
would argue you don't gain much, since the system() call would still
result in an "Insecure dependency" error.
Also, this presents a problem:
#! perl
# [ ... ]
$^T = 1;
If -T is specified, we can turn tainting on. However, if $^T is only a
toggle for taint checking, then there are three possibilities in this
example:
1. Tainting must always be on, just in case the user sets $^T
2. The above example generates an error, like "Invalid attempt
to turn tainting on with $^T (must specify -T switch)"
3. Some type of pre-parsing must occur, looking for $^T ahead
of time so that it can work like -T.
-Nate