Re: Taint - having some real trouble here, taint/perl experts, please help
From: Alan J. Flavell (flavell_at_ph.gla.ac.uk)
Date: 10/24/03
- Next message: Tintin: "Re: rsh & perl -Directory creation not possible"
- Previous message: Anno Siegel: "Re: How to catch runtime error?"
- In reply to: foo2_at_on-spammers2.com: "Re: Taint - having some real trouble here, taint/perl experts, please help"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Fri, 24 Oct 2003 10:36:46 +0100
On Fri, 24 Oct 2003 foo2@on-spammers2.com wrote:
> On Wed, 22 Oct 2003 16:39:16 -0500, tadmc@augustmail.com (Tad
> McClellan) wrote:
>
> >There is no pattern match in that code, so nothing can possibly
> >become untainted.
> >
> >When you copy tainted data, the copy is tainted too.
>
> Methinks you're not paying attention.

Seems to me that your evaluation of Tad is erroneous.

> The untainting is done later (and quite effectively and
> correctly,

I'd rather say that the benefits of the taint check are wilfully
discarded at that point. "effectively" and "correctly" would not be
my terminology of choice for doing that, in the circumstances.

> it seems to me, given that he really didn't want taint at
> all and he thought it might be on.)

Well then, take away that "given". There's a right and a wrong way to
go about this, and I see no grounds for finding a string of excuses
for using the wrong way, when the right way could be simpler _and_
more transparent. And could well serve as a safety-harness to protect
the programmer from potential consequences of their own assumptions.

We still aren't really any nearer to locating the original problem,
but this kind of special pleading is not really getting us any closer,
if I may say so.
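
The taint behaviour discussed in this message, as an added example that is not part of the original post or the code under discussion in the thread: a copy of tainted data stays tainted, and only a pattern-match capture untaints. The blanket `(.*)` capture is an assumed illustration of discarding the check, and `untaint_filename`, its allow-list pattern and the sample values are hypothetical.

```perl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Taint mode must be on for this to show anything: run as  perl -T thisfile.pl
die "taint mode is off; run with perl -T\n" unless ${^TAINT};

# Constructed sample input. A zero-length slice of a tainted value ($^X is
# tainted under -T) is itself tainted, and concatenation spreads the taint.
my $taint0  = substr("$0$^X", 0, 0);
my $good    = "report-2003.txt" . $taint0;
my $hostile = "../../etc/passwd" . $taint0;

# 1. Copying: no pattern match is involved, so the copy is tainted too.
my $copy = $good;

# 2. Blanket untaint (assumed example of throwing the check away):
#    the capture matches anything, so nothing has been validated.
my ($blanket) = $hostile =~ /\A(.*)\z/s;

# 3. Validating untaint (hypothetical helper): the capture only succeeds
#    for a plain file name, so the untainted value is known to be safe
#    for the use it was checked against.
sub untaint_filename {
    my ($name) = @_;
    return $1 if $name =~ /\A([A-Za-z0-9][A-Za-z0-9._-]{0,63})\z/;
    return;    # rejected: caller gets undef and must handle it
}

my $ok  = untaint_filename($good);
my $bad = untaint_filename($hostile);

printf "original tainted:        %s\n", tainted($good)    ? "yes" : "no";
printf "copy tainted:            %s\n", tainted($copy)    ? "yes" : "no";
printf "blanket result tainted:  %s (value: %s)\n",
    tainted($blanket) ? "yes" : "no", $blanket;
printf "validated good name:     %s (tainted: %s)\n",
    $ok, tainted($ok) ? "yes" : "no";
printf "validated hostile name:  %s\n",
    defined $bad ? $bad : "rejected";
```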