Juerd wrote:
I'm willing to exchange some security for performance in this case. But
I do think -T should stay the default.

I have no idea which of -w and -T had which overhead.

-w has no significant run-time effects that I am aware of, whereas -T has only run-time effects. With tainting turned on, there are a bunch of codepaths that come into effect (you always suffer the initial taint check), so I wouldn't be surprised if that was always going to be slower (for example, any time you copy an SV, the taint magic has to be copied, too).

If someone wanted to audit the code, we might be able to reduce the tainting to a specific section of the code (like just in [some] plugins) and remove the global taint checks in the core code. I don't know if it is worth the effort, though. There are probably much better places to improve efficiency (as demonstrated by the high_perf branch)...

John
