On Fri, Sep 15, 2000 at 05:04:23PM -0400, Chaim Frenkel wrote:
> > "DS" == Dan Sugalski <[EMAIL PROTECTED]> writes:
> >> But these all lack command line switches that are passed to perl.
>
> DS> No, they don't. Not everywhere, certainly. Command-line switches
> DS> can be passed to all of 'em
On Fri, Sep 15, 2000 at 01:33:01PM -0700, Nathan Wiger wrote:
> Michael G Schwern wrote:
> >
> > perl6-internals is probably the wrong forum for this, it was just
> > convenient. I think Dan's got the right idea, distribute a Taint
> > module with Perl.
>
> I'm not sure what's happened on -inte
> "DS" == Dan Sugalski <[EMAIL PROTECTED]> writes:
>> But these all lack command line switches that are passed to perl.
DS> No, they don't. Not everywhere, certainly. Command-line switches
DS> can be passed to all of 'em. Not everyone counts on the magic
DS> shebang line to find the command
Michael G Schwern wrote:
>
> perl6-internals is probably the wrong forum for this, it was just
> convenient. I think Dan's got the right idea, distribute a Taint
> module with Perl.
I'm not sure what's happened on -internals, but early on in
perl6-language I suggested something similar, and Lar
On Fri, Sep 15, 2000 at 04:01:11PM -0400, Dan Sugalski wrote:
> >Anyhow, however these extra tainting functions are implemented is fine
> >(as long as they work). The simplest thing would be to just merge and
> >patch up Taint.pm and distribute it with perl6.
>
> Yup. I know Tom wanted an all-pe
At 03:58 PM 9/15/00 -0400, Chaim Frenkel wrote:
> > "DS" == Dan Sugalski <[EMAIL PROTECTED]> writes:
>
>DS> Any time the code being executed isn't being run as the person asking for
>DS> its execution you can have problems. Think daemons in perl, or
>DS> client-server code. (Like CGI programs,
At 03:38 PM 9/15/00 -0400, Michael G Schwern wrote:
>On Fri, Sep 15, 2000 at 01:03:50PM -0400, Dan Sugalski wrote:
> > Take a look at the Taint modules on CPAN. Mine does just these, and I think
> > Tom Phoenix's does a bunch more.
>
>Tom's Taint.pm has never worked for me. I just tried instal
> "DS" == Dan Sugalski <[EMAIL PROTECTED]> writes:
DS> Any time the code being executed isn't being run as the person asking for
DS> its execution you can have problems. Think daemons in perl, or
DS> client-server code. (Like CGI programs, or mailing-list managers) Jobs run
DS> automagical
At 03:43 PM 9/15/00 -0400, Michael G Schwern wrote:
>On Fri, Sep 15, 2000 at 02:00:04PM -0400, Adam Turoff wrote:
> > I'm kinda surfing the edge here. -T is definitely an internals issue,
> > but $TAINT? taint()? is_tainted()?
> >
> > I'm not sure if they should be exposed into the language fro
> "JH" == Jarkko Hietaniemi <[EMAIL PROTECTED]> writes:
JH> It may not be. Think CGI.
JH> The code is running under whatever poor security measures the silly
JH> subclued webmaster set it up to be, and has access to whichever files
JH> yadayadayada.
No command line switches there. Only t
On Fri, Sep 15, 2000 at 02:00:04PM -0400, Adam Turoff wrote:
> I'm kinda surfing the edge here. -T is definitely an internals issue,
> but $TAINT? taint()? is_tainted()?
>
> I'm not sure if they should be exposed into the language from the
> internals, or if a superstudly taint.xs in stdlib i
On Fri, Sep 15, 2000 at 01:03:50PM -0400, Dan Sugalski wrote:
> Take a look at the Taint modules on CPAN. Mine does just these, and I think
> Tom Phoenix's does a bunch more.
Tom's Taint.pm has never worked for me. I just tried installing it
again and it failed a bunch of tests (in both 5.005 a
On Fri, Sep 15, 2000 at 02:11:55PM -0400, Dan Sugalski wrote:
> -c in there between the load-time things
> (-M, -T, -U, etc...) and the runtime things (-n, -p)
I'd say -c should be last, if only to keep Abigail happy:
% perl -nce '}print $.; {'
-e syntax OK
simon@deep-dark-truthful-mirror ~/p
At 01:53 PM 9/15/00 -0400, Adam Turoff wrote:
>On Fri, Sep 15, 2000 at 01:04:50PM -0400, Dan Sugalski wrote:
> > At 01:15 AM 9/15/00 -0400, Adam Turoff wrote:
> > >On Thu, Sep 14, 2000 at 10:37:40PM -0400, Chaim Frenkel wrote:
> > > > I vaguely recall when Chip put that in. He worked pretty hard t
On Fri, Sep 15, 2000 at 01:03:50PM -0400, Dan Sugalski wrote:
> At 04:52 AM 9/15/00 -0400, Michael G Schwern wrote:
> >On Fri, Sep 15, 2000 at 01:52:00AM -, Perl6 RFC Librarian wrote:
> > > =head1 TITLE
> > >
> > > Extend the window to turn on taint mode
> >
> >As long as we're talking about t
On Fri, Sep 15, 2000 at 01:04:50PM -0400, Dan Sugalski wrote:
> At 01:15 AM 9/15/00 -0400, Adam Turoff wrote:
> >On Thu, Sep 14, 2000 at 10:37:40PM -0400, Chaim Frenkel wrote:
> > > I vaguely recall when Chip put that in. He worked pretty hard to
> > > adjust the command line/#! option processing.
At 09:19 AM 9/15/00 -0400, Chaim Frenkel wrote:
> > "JH" == Jarkko Hietaniemi <[EMAIL PROTECTED]> writes:
>
> >> (Someone remind me, What is the point of -T if not running setuid?)
>JH> Being paranoid is never a bad idea because They are always out to get you.
>
>That's fine, but tell me what
At 04:52 AM 9/15/00 -0400, Michael G Schwern wrote:
>On Fri, Sep 15, 2000 at 01:52:00AM -, Perl6 RFC Librarian wrote:
> > =head1 TITLE
> >
> > Extend the window to turn on taint mode
>
>As long as we're talking about tainting (this is a good idea, BTW) how
>does everyone feel about a few other
At 01:15 AM 9/15/00 -0400, Adam Turoff wrote:
>On Thu, Sep 14, 2000 at 10:37:40PM -0400, Chaim Frenkel wrote:
> > I vaguely recall when Chip put that in. He worked pretty hard to
> > adjust the command line/#! option processing. (Something about
> > unsafe operations already being done before the
> "AT" == Adam Turoff <[EMAIL PROTECTED]> writes:
AT> The crux of my proposal/request is that when perl6 innards are
AT> designed, -T processing is handled the same way -p and -i are.
AT> That is, option processing should start out cleaner than what
AT> is in 5.7.0 or what was in 5.004 (at le
On Fri, Sep 15, 2000 at 09:19:14AM -0400, Chaim Frenkel wrote:
> > "JH" == Jarkko Hietaniemi <[EMAIL PROTECTED]> writes:
>
> >> (Someone remind me, What is the point of -T if not running setuid?)
> JH> Being paranoid is never a bad idea because They are always out to get you.
>
> That's fine
> "JH" == Jarkko Hietaniemi <[EMAIL PROTECTED]> writes:
>> (Someone remind me, What is the point of -T if not running setuid?)
JH> Being paranoid is never a bad idea because They are always out to get you.
That's fine, but tell me what security breach can be caused by not having
a -T?
The p
On Fri, Sep 15, 2000 at 01:52:00AM -, Perl6 RFC Librarian wrote:
> =head1 TITLE
>
> Extend the window to turn on taint mode
As long as we're talking about tainting (this is a good idea, BTW) how
does everyone feel about a few other tainting widgets...
- A way to know when taint mode is on.
On Thu, Sep 14, 2000 at 10:37:40PM -0400, Chaim Frenkel wrote:
> I vaguely recall when Chip put that in. He worked pretty hard to
> adjust the command line/#! option processing. (Something about
> unsafe operations already being done before the script is read.)
The crux of my proposal/request is
On 14 Sep 2000, Chaim Frenkel wrote:
> (Someone remind me, What is the point of -T if not running setuid?)
All you need to get root is an unprivileged shell on anything but a
fully patched machine. A dumb Perl CGI running without -T is all you need
to get a shell.
Besides, I bet most online st
> (Someone remind me, What is the point of -T if not running setuid?)
Being paranoid is never a bad idea because They are always out to get you.
--
$jhi++; # http://www.iki.fi/jhi/
# There is this special biologist word we use for 'stable'.
# It is 'dead'. -- Jack Cohen
I vaguely recall when Chip put that in. He worked pretty hard to
adjust the command line/#! option processing. (Something about
unsafe operations already being done before the script is read.)
You are asking for the first line of the input script be read before
any of the command line arguments a