FAQ
Here's a little patch that adds in ${^TAINT}, a variable to tell you
if the program is running under taint mode or not. Useful to let
programs provide better warning and error messages than the usual
"Insecure dependency".

perlvar, t/op/magic.t and t/op/taint.t have been updated. Two things
are left to do:

1) Although assigning to ${^TAINT} is a no-op, I can't figure out how
to get assigning to ${^TAINT} to die with a "Modification of a
read-only value attempted" error as with $^S.

2) Not quite sure where to mention this in perlsec.


--- pod/perlvar.pod 2001/10/08 19:44:18 1.1
+++ pod/perlvar.pod 2001/10/08 19:45:21
@@ -1039,6 +1039,11 @@
epoch (beginning of 1970). The values returned by the B<-M>, B<-A>,
and B<-C> filetests are based on this value.

+=item ${^TAINT}
+
+Reflects if taint mode is on or off (ie. if the program was run with
+B<-T> or not). True for on, false for off.
+
=item $PERL_VERSION

=item $^V
--- t/op/taint.t 2001/10/08 19:38:46 1.1
+++ t/op/taint.t 2001/10/08 19:42:52
@@ -15,6 +15,20 @@
use strict;
use Config;

+my $test = 177;
+sub ok {
+ my($ok, $name) = @_;
+
+ # You have to do it this way or VMS will get confused.
+ print $ok ? "ok $test - $name\n" : "not ok $test - $name\n";
+
+ printf "# Failed test at line %d\n", (caller)[2] unless $ok;
+
+ $test++;
+ return $ok;
+}
+
+
$| = 1;

# We do not want the whole taint.t to fail
@@ -109,7 +123,7 @@
close PROG;
my $echo = "$Invoke_Perl $ECHO";

-print "1..176\n";
+print "1..178\n";

# First, let's make sure that Perl is checking the dangerous
# environment variables. Maybe they aren't set yet, so we'll
@@ -884,4 +898,13 @@
print "# untainted:\n", @untainted if @untainted;
}

+
+ok( ${^TAINT}, '$^TAINT is on' );
+
+eval { ${^TAINT} = 0 };
+ok( ${^TAINT}, '$^TAINT is not assignable' );
+
+# TODO
+# ok( $@ =~ /^Modification of a read-only value attempted/,
+# 'Assigning to taint pukes properly' );

--- t/op/magic.t 2001/10/08 19:48:07 1.1
+++ t/op/magic.t 2001/10/08 19:49:44
@@ -35,7 +35,7 @@
return 1;
}

-print "1..41\n";
+print "1..43\n";

$Is_MSWin32 = $^O eq 'MSWin32';
$Is_NetWare = $^O eq 'NetWare';
@@ -283,3 +283,7 @@
ok $^S == 0;
eval { ok $^S == 1 };
ok $^S == 0;
+
+ok ${^TAINT} == 0;
+eval { ${^TAINT} = 1 };
+ok ${^TAINT} == 0;
--- mg.c 2001/10/08 19:05:02 1.1
+++ mg.c 2001/10/08 19:34:11
@@ -612,12 +612,16 @@
}
break;
case '\024': /* ^T */
+ if (*(mg->mg_ptr+1) == '\0') {
#ifdef BIG_TIME
- sv_setnv(sv, PL_basetime);
+ sv_setnv(sv, PL_basetime);
#else
- sv_setiv(sv, (IV)PL_basetime);
+ sv_setiv(sv, (IV)PL_basetime);
#endif
- break;
+ }
+ else if (strEQ(mg->mg_ptr, "\024AINT"))
+ sv_setiv(sv, PL_tainting);
+ break;
case '\027': /* ^W & $^WARNING_BITS & ^WIDE_SYSTEM_CALLS */
if (*(mg->mg_ptr+1) == '\0')
sv_setiv(sv, (IV)((PL_dowarn & G_WARN_ON) ? TRUE : FALSE));
--- gv.c 2001/10/08 19:24:56 1.1
+++ gv.c 2001/10/08 19:29:55
@@ -893,7 +893,6 @@
case '\011': /* $^I, NOT \t in EBCDIC */
case '\016': /* $^N */
case '\020': /* $^P */
- case '\024': /* $^T */
if (len > 1)
break;
goto magicalize;
@@ -910,6 +909,10 @@
if (len > 1)
break;
goto ro_magicalize;
+ case '\024': /* $^T */
+ if (len > 1 && strNE(name, "\024AINT"))
+ break;
+ goto magicalize;
case '\027': /* $^W & $^WARNING_BITS */
if (len > 1 && strNE(name, "\027ARNING_BITS")
&& strNE(name, "\027IDE_SYSTEM_CALLS"))


--

Michael G. Schwern <schwern@pobox.com> http://www.pobox.com/~schwern/
Perl6 Quality Assurance <perl-qa@perl.org> Kwalitee Is Job One
That which stirs me, stirs everything.
-- Squonk Opera, "Spoon"

Search Discussions

  • Graham Barr at Oct 8, 2001 at 8:05 pm

    On Mon, Oct 08, 2001 at 03:55:59PM -0400, Michael G Schwern wrote:
    Here's a little patch that adds in ${^TAINT}, a variable to tell you
    if the program is running under taint mode or not. Useful to let
    programs provide better warning and error messages than the usual
    "Insecure dependency".
    Given that $^X is always tainted, why not just use

    use Scalar::Util qw(tainted);

    if (tainted($^X)) {
    ...
    }

    Graham.
  • Michael G Schwern at Oct 8, 2001 at 8:15 pm

    On Mon, Oct 08, 2001 at 09:05:08PM +0100, Graham Barr wrote:
    On Mon, Oct 08, 2001 at 03:55:59PM -0400, Michael G Schwern wrote:
    Here's a little patch that adds in ${^TAINT}, a variable to tell you
    if the program is running under taint mode or not. Useful to let
    programs provide better warning and error messages than the usual
    "Insecure dependency".
    Given that $^X is always tainted, why not just use

    use Scalar::Util qw(tainted);

    if (tainted($^X)) {
    ...
    }
    $^X can't be trusted.

    #!/usr/bin/perl -T

    use Scalar::Util qw(tainted);

    $^X = 'foo';
    print tainted($^X) ? "Taint mode on" : "Taint mode off";


    On that note, why is $^X assignable?


    --

    Michael G. Schwern <schwern@pobox.com> http://www.pobox.com/~schwern/
    Perl6 Quality Assurance <perl-qa@perl.org> Kwalitee Is Job One
    Maybe they hooked you up with one of those ass-making magazines.
    -- brian d. foy as misheard by Michael G Schwern
  • Jarkko Hietaniemi at Oct 8, 2001 at 8:30 pm
    On that note, why is $^X assignable?
    Because from portability viewpoint it is a rather useless variable,
    anyway (as we have recently seen), so assigning to it is neither here
    nor there?

    --
    $jhi++; # http://www.iki.fi/jhi/
    # There is this special biologist word we use for 'stable'.
    # It is 'dead'. -- Jack Cohen
  • Michael G Schwern at Oct 8, 2001 at 8:50 pm

    On Mon, Oct 08, 2001 at 11:30:47PM +0300, Jarkko Hietaniemi wrote:
    On that note, why is $^X assignable?
    Because from portability viewpoint it is a rather useless variable,
    anyway (as we have recently seen), so assigning to it is neither here
    nor there?
    Under that argument we should just eliminate it.

    $^X is obviously plenty useful if you're not worrying about taint
    mode.

    `$^X -e "..."`

    it's used all over the place in the tests in various forms.


    --

    Michael G. Schwern <schwern@pobox.com> http://www.pobox.com/~schwern/
    Perl6 Quality Assurance <perl-qa@perl.org> Kwalitee Is Job One
    That which stirs me, stirs everything.
    -- Squonk Opera, "Spoon"
  • Nicholas Clark at Oct 8, 2001 at 8:58 pm

    On Mon, Oct 08, 2001 at 04:50:32PM -0400, Michael G Schwern wrote:
    On Mon, Oct 08, 2001 at 11:30:47PM +0300, Jarkko Hietaniemi wrote:
    On that note, why is $^X assignable?
    Because from portability viewpoint it is a rather useless variable,
    anyway (as we have recently seen), so assigning to it is neither here
    nor there?
    Under that argument we should just eliminate it.
    And $^O, as that can be assigned to :-)
    $^X is obviously plenty useful if you're not worrying about taint
    mode.

    `$^X -e "..."`

    it's used all over the place in the tests in various forms.
    Ditto.
    [Although, really we should be testing $Config{this} and $Config{this}
    instead of $^O, shouldn't we?

    Nicholas Clark
  • Andy Dougherty at Oct 9, 2001 at 1:04 pm

    In perl.perl5.porters, you wrote:
    On Mon, Oct 08, 2001 at 04:50:32PM -0400, Michael G Schwern wrote:
    On Mon, Oct 08, 2001 at 11:30:47PM +0300, Jarkko Hietaniemi wrote:
    On that note, why is $^X assignable?
    Because from portability viewpoint it is a rather useless variable,
    anyway (as we have recently seen), so assigning to it is neither here
    nor there?
    Under that argument we should just eliminate it.
    And $^O, as that can be assigned to :-)
    That's actually deliberate so that you can (if you're in a warped
    testing frame of mind) test alternate branches of code without having
    to actually have all the different operating systems.
    $^X is obviously plenty useful if you're not worrying about taint
    mode.

    `$^X -e "..."`

    it's used all over the place in the tests in various forms.
    But in those cases, the script was called in a well-known and
    controlled way, so $^X turns out to be useful.
    Ditto.
    [Although, really we should be testing $Config{this} and $Config{this}
    instead of $^O, shouldn't we?
    Yes, but. $^O is built in, so it can be used without loading up the
    Config module. As much as is reasonable, we'd like to be able to run
    tests without assuming that Config.pm was successfully built.

    --
    Andy Dougherty doughera@lafayette.edu
    Dept. of Physics
    Lafayette College, Easton PA 18042
  • Jarkko Hietaniemi at Oct 8, 2001 at 8:59 pm

    On Mon, Oct 08, 2001 at 04:50:32PM -0400, Michael G Schwern wrote:
    On Mon, Oct 08, 2001 at 11:30:47PM +0300, Jarkko Hietaniemi wrote:
    On that note, why is $^X assignable?
    Because from portability viewpoint it is a rather useless variable,
    anyway (as we have recently seen), so assigning to it is neither here
    nor there?
    Under that argument we should just eliminate it.
    If you read carefully you'll notice I didn't say completely useless.

    I'm just getting nonplussed by the fallacy that $^X has much to do
    with either absolute paths or $ENV{PATH}.
    $^X is obviously plenty useful if you're not worrying about taint
    mode.

    `$^X -e "..."`

    it's used all over the place in the tests in various forms.
    In the tests perl is being called with a path which while not
    absolute does not rely on $ENV{PATH}: ./perl

    --
    $jhi++; # http://www.iki.fi/jhi/
    # There is this special biologist word we use for 'stable'.
    # It is 'dead'. -- Jack Cohen
  • Michael G Schwern at Oct 8, 2001 at 9:10 pm

    On Mon, Oct 08, 2001 at 11:59:02PM +0300, Jarkko Hietaniemi wrote:
    I'm just getting nonplussed by the fallacy that $^X has much to do
    with either absolute paths or $ENV{PATH}.
    Oh, I'm done with that fallacy. I'm plenty convinced that the $^X +
    $ENV{PATH} trick won't work.

    We're on to brand new fallacies now! :)


    --

    Michael G. Schwern <schwern@pobox.com> http://www.pobox.com/~schwern/
    Perl6 Quality Assurance <perl-qa@perl.org> Kwalitee Is Job One
    Death follows me like a wee followey thing.
    -- Quakeman
  • Nick Ing-Simmons at Oct 9, 2001 at 12:18 pm

    Michael G Schwern writes:
    On Mon, Oct 08, 2001 at 11:30:47PM +0300, Jarkko Hietaniemi wrote:
    On that note, why is $^X assignable?
    Because from portability viewpoint it is a rather useless variable,
    anyway (as we have recently seen), so assigning to it is neither here
    nor there?
    Under that argument we should just eliminate it.

    $^X is obviously plenty useful if you're not worrying about taint
    mode.

    `$^X -e "..."`
    Well given that on linux 2.2 $^X is 'perl' (no path) that is a bug
    in the tests.
    it's used all over the place in the tests in various forms.
    --
    Nick Ing-Simmons
    http://www.ni-s.u-net.com/
  • Ronald J Kimball at Oct 9, 2001 at 1:50 pm

    On Tue, Oct 09, 2001 at 01:08:03PM +0100, Nick Ing-Simmons wrote:
    Michael G Schwern <schwern@pobox.com> writes:
    On Mon, Oct 08, 2001 at 11:30:47PM +0300, Jarkko Hietaniemi wrote:
    On that note, why is $^X assignable?
    Because from portability viewpoint it is a rather useless variable,
    anyway (as we have recently seen), so assigning to it is neither here
    nor there?
    Under that argument we should just eliminate it.

    $^X is obviously plenty useful if you're not worrying about taint
    mode.

    `$^X -e "..."`
    Well given that on linux 2.2 $^X is 'perl' (no path) that is a bug
    in the tests.
    On my linux 2.2 machine, $^X is 'perl' only if perl was executed as 'perl'.
    If perl was executed as '/usr/bin/perl', then $^X is '/usr/bin/perl', and
    similarly for '/usr/local/bin/perl', './perl', etc.

    Ronald
  • Nick Ing-Simmons at Oct 9, 2001 at 2:14 pm

    Ronald J Kimball writes:
    $^X is obviously plenty useful if you're not worrying about taint
    mode.

    `$^X -e "..."`
    Well given that on linux 2.2 $^X is 'perl' (no path) that is a bug
    in the tests.
    On my linux 2.2 machine, $^X is 'perl' only if perl was executed as 'perl'.
    If perl was executed as '/usr/bin/perl', then $^X is '/usr/bin/perl', and
    similarly for '/usr/local/bin/perl', './perl', etc.
    Well so 2.2 isn't sufficent to define the platform that has the behaviour
    as I said yesterday:

    nick@bactrian 512$ cat !$
    cat /tmp/x
    #!/usr/local/bin/perl -w
    print "$^X\n";
    nick@bactrian 513$ /tmp/x
    perl
    nick@bactrian 514$ uname -a
    Linux bactrian 2.2.14 #14 Sun Jul 16 14:46:59 BST 2000 i686 unknown

    That is SuSE 6.4

    --
    Nick Ing-Simmons
    http://www.ni-s.u-net.com/
  • Nicholas Clark at Oct 9, 2001 at 2:20 pm

    On Tue, Oct 09, 2001 at 03:03:57PM +0100, Nick Ing-Simmons wrote:
    Ronald J Kimball <rjk@linguist.thayer.dartmouth.edu> writes:
    On my linux 2.2 machine, $^X is 'perl' only if perl was executed as 'perl'.
    If perl was executed as '/usr/bin/perl', then $^X is '/usr/bin/perl', and
    similarly for '/usr/local/bin/perl', './perl', etc.
    Well so 2.2 isn't sufficent to define the platform that has the behaviour
    as I said yesterday:

    nick@bactrian 512$ cat !$
    cat /tmp/x
    #!/usr/local/bin/perl -w
    print "$^X\n";
    nick@bactrian 513$ /tmp/x
    perl
    nick@bactrian 514$ uname -a
    Linux bactrian 2.2.14 #14 Sun Jul 16 14:46:59 BST 2000 i686 unknown

    That is SuSE 6.4
    IIRC I found that on whatever 2.2 I tried $^X wasn't absolute from a
    shebang line.

    Meanwhile, can we harness the heat and decide whether to pump it into
    writing a patch in C of the form

    if argv[0] doesn't start with /, and /proc/self/exe exists, then stat
    what it points to, stat argv[0], and if they're the same file then
    use whatever /proc/self/exe points to as $^X ?


    Also, IIRC, I managed to come up with a #! line that coped with trailing
    carriage returns on Linux, FreeBSD and Solaris about 9 months ago.
    (correct me if I'm wrong, but one problem with DOS line ending files on
    unix is that even if perl can strip the carriage returns, the kernel doesn't
    on the #! line, and puts a carriage return into the name of the executable
    it was trying to fine)

    No-one seemed to be interested. Was I wrong to think that it was useful?

    Nicholas Clark
  • Jarkko Hietaniemi at Oct 9, 2001 at 2:28 pm

    On Tue, Oct 09, 2001 at 03:20:49PM +0100, Nicholas Clark wrote:
    On Tue, Oct 09, 2001 at 03:03:57PM +0100, Nick Ing-Simmons wrote:
    Ronald J Kimball <rjk@linguist.thayer.dartmouth.edu> writes:
    On my linux 2.2 machine, $^X is 'perl' only if perl was executed as 'perl'.
    If perl was executed as '/usr/bin/perl', then $^X is '/usr/bin/perl', and
    similarly for '/usr/local/bin/perl', './perl', etc.
    Well so 2.2 isn't sufficent to define the platform that has the behaviour
    as I said yesterday:

    nick@bactrian 512$ cat !$
    cat /tmp/x
    #!/usr/local/bin/perl -w
    print "$^X\n";
    nick@bactrian 513$ /tmp/x
    perl
    nick@bactrian 514$ uname -a
    Linux bactrian 2.2.14 #14 Sun Jul 16 14:46:59 BST 2000 i686 unknown

    That is SuSE 6.4
    IIRC I found that on whatever 2.2 I tried $^X wasn't absolute from a
    shebang line.

    Meanwhile, can we harness the heat and decide whether to pump it into
    writing a patch in C of the form

    if argv[0] doesn't start with /, and /proc/self/exe exists, then stat
    what it points to, stat argv[0], and if they're the same file then
    use whatever /proc/self/exe points to as $^X ?
    Nice race conditions there between the three stats... and ahem, what do
    you expect to find by stating argv[0] if it is not an absolute name?

    The /proc/self/exe is a symlink so maybe something like 'if argv[0]
    not starting with / try readlink("/proc/self/exe", buf, sizeof(buf)-1)
    and if that succeeds, use the buf'? Yes, a failing readlink on
    non-Linux platforms that do not have an absolute $^X...
    Also, IIRC, I managed to come up with a #! line that coped with trailing
    carriage returns on Linux, FreeBSD and Solaris about 9 months ago.
    (correct me if I'm wrong, but one problem with DOS line ending files on
    unix is that even if perl can strip the carriage returns, the kernel doesn't
    on the #! line, and puts a carriage return into the name of the executable
    it was trying to fine)

    No-one seemed to be interested. Was I wrong to think that it was useful?
    Sounds like a nifty thing. Please re-send (or dig up an archive URL).
    Nicholas Clark
    --
    $jhi++; # http://www.iki.fi/jhi/
    # There is this special biologist word we use for 'stable'.
    # It is 'dead'. -- Jack Cohen
  • Nicholas Clark at Oct 9, 2001 at 2:50 pm
    We've been on $^X before:

    http://www.xray.mpe.mpg.de/mailing-lists/perl5-porters/2001-02/msg00371.html
    On Tue, Oct 09, 2001 at 05:28:41PM +0300, Jarkko Hietaniemi wrote:
    Meanwhile, can we harness the heat and decide whether to pump it into
    writing a patch in C of the form

    if argv[0] doesn't start with /, and /proc/self/exe exists, then stat
    what it points to, stat argv[0], and if they're the same file then
    use whatever /proc/self/exe points to as $^X ?
    Nice race conditions there between the three stats... and ahem, what do
    you expect to find by stating argv[0] if it is not an absolute name?
    Does /proc/self/exe change for the duration of the program? I was kind
    of assuming that it didn't. If it doesn't, there's no race to stat it.
    I was also assuming that stating argv[0] would be done once at perl startup,
    before anything managed to chdir, somewhere topologically near main()

    [was thinking this should be done only in a non-embedded perl, but not sure
    how to make it compile sweetly both ways]
    The /proc/self/exe is a symlink so maybe something like 'if argv[0]
    not starting with / try readlink("/proc/self/exe", buf, sizeof(buf)-1)
    and if that succeeds, use the buf'? Yes, a failing readlink on
    non-Linux platforms that do not have an absolute $^X...
    #ifdef __linux__ ?
    (I was trying to avoid more metaconfig units)
    Also, IIRC, I managed to come up with a #! line that coped with trailing
    carriage returns on Linux, FreeBSD and Solaris about 9 months ago.
    No-one seemed to be interested. Was I wrong to think that it was useful?
    Sounds like a nifty thing. Please re-send (or dig up an archive URL).
    Probably needs more portability testing:

    http://www.xray.mpe.mpg.de/mailing-lists/perl5-porters/2000-10/msg00027.html

    Nicholas Clark
  • Nick Ing-Simmons at Oct 9, 2001 at 3:09 pm

    Nicholas Clark writes:
    if argv[0] doesn't start with /, and /proc/self/exe exists, then stat
    what it points to, stat argv[0], and if they're the same file then
    use whatever /proc/self/exe points to as $^X ?
    Nice race conditions there between the three stats... and ahem, what do
    you expect to find by stating argv[0] if it is not an absolute name?
    Does /proc/self/exe change for the duration of the program?
    I don't know how suid-proof /proc is but I don't think it can change.
    I was kind
    of assuming that it didn't. If it doesn't, there's no race to stat it.
    I was also assuming that stating argv[0] would be done once at perl startup,
    before anything managed to chdir, somewhere topologically near main()
    But on this SuSE Linux $^X is 'perl' even if there isn't a perl in .:

    nick@bactrian 519$ cat /tmp/x
    #!/usr/local/bin/perl -w
    my @info = stat($^X);
    print "$^X - $!\n";
    nick@bactrian 520$ /tmp/x
    perl - No such file or directory
    nick@bactrian 521$
    [was thinking this should be done only in a non-embedded perl, but not sure
    how to make it compile sweetly both ways]
    The /proc/self/exe is a symlink so maybe something like 'if argv[0]
    not starting with / try readlink("/proc/self/exe", buf, sizeof(buf)-1)
    and if that succeeds, use the buf'? Yes, a failing readlink on
    non-Linux platforms that do not have an absolute $^X...
    #ifdef __linux__ ?
    (I was trying to avoid more metaconfig units)
    Why ? does not seem like a hard one to write

    --
    Nick Ing-Simmons
    http://www.ni-s.u-net.com/
  • Jarkko Hietaniemi at Oct 9, 2001 at 3:13 pm
    I don't know how suid-proof /proc is but I don't think it can change.
    Maybe I was overparanoid to suggest but that doesn't mean they are
    not out to get us...
    #ifdef __linux__ ?
    (I was trying to avoid more metaconfig units)
    Why ? does not seem like a hard one to write
    How many metaconfig units have you written recently? :-)
    What do we want to test in that unit?

    --
    $jhi++; # http://www.iki.fi/jhi/
    # There is this special biologist word we use for 'stable'.
    # It is 'dead'. -- Jack Cohen
  • Rafael Garcia-Suarez at Oct 9, 2001 at 3:50 pm
    Nicholas Clark wrote in perl.perl5.porters:
    }
    } Does /proc/self/exe change for the duration of the program? I was kind
    } of assuming that it didn't. If it doesn't, there's no race to stat it.

    The target of /proc/self/exe may change while the program runs.

    } > The /proc/self/exe is a symlink so maybe something like 'if argv[0]
    } > not starting with / try readlink("/proc/self/exe", buf, sizeof(buf)-1)
    } > and if that succeeds, use the buf'? Yes, a failing readlink on
    } > non-Linux platforms that do not have an absolute $^X...
    }
    } #ifdef __linux__ ?

    #if linux >= 2.2 : see the proc(5) man page on linux :

    readlink(2) on the exe special file returns under Linux 2.0 and
    earlier a string in the format: [device]:inode
    [...]
    Under Linux 2.2 the link contains the actual path name of the
    command.
  • Michael G Schwern at Oct 9, 2001 at 8:27 pm

    On Tue, Oct 09, 2001 at 01:08:03PM +0100, Nick Ing-Simmons wrote:
    $^X is obviously plenty useful if you're not worrying about taint
    mode.

    `$^X -e "..."`
    Well given that on linux 2.2 $^X is 'perl' (no path) that is a bug
    in the tests.
    That problem only effects $^X if it's run off the #! line. The tests
    are run explicitly as perl programs with an open(RESULTS, "./perl ... |")
    style.


    --

    Michael G. Schwern <schwern@pobox.com> http://www.pobox.com/~schwern/
    Perl6 Quality Assurance <perl-qa@perl.org> Kwalitee Is Job One
    Obscenity is the last resort of the illiterate, Mother Fucker
    -- KAL
  • Jarkko Hietaniemi at Oct 8, 2001 at 10:09 pm

    On Mon, Oct 08, 2001 at 09:05:08PM +0100, Graham Barr wrote:
    On Mon, Oct 08, 2001 at 03:55:59PM -0400, Michael G Schwern wrote:
    Here's a little patch that adds in ${^TAINT}, a variable to tell you
    if the program is running under taint mode or not. Useful to let
    programs provide better warning and error messages than the usual
    "Insecure dependency".
    Given that $^X is always tainted, why not just use
    'Given that $foo is always bar, why not replace all the occurrences of
    "if (is_bar())" with "if (is_zog($foo))" (plus one "use Zork;" to get
    the definition of is_zog()), even if $foo may be completely irrelevant
    to the situation...' :-) Sorry, not buying. Cute hack, using already
    existing efficient API, yes, but not buying.
    use Scalar::Util qw(tainted);

    if (tainted($^X)) {
    ...
    }

    Graham.
    --
    $jhi++; # http://www.iki.fi/jhi/
    # There is this special biologist word we use for 'stable'.
    # It is 'dead'. -- Jack Cohen
  • Abhijit Menon-Sen at Oct 8, 2001 at 8:10 pm

    At 2001-10-08 15:55:59, schwern@pobox.com wrote:
    I can't figure out how to get assigning to ${^TAINT} to die with a
    "Modification of a read-only value attempted" error as with $^S.
    [...]

    + case '\024': /* $^T */
    + if (len > 1 && strNE(name, "\024AINT"))
    + break;
    + goto magicalize;
    goto ro_magicalize;

    - ams
  • Michael G Schwern at Oct 8, 2001 at 8:23 pm

    On Tue, Oct 09, 2001 at 01:40:23AM +0530, Abhijit Menon-Sen wrote:
    At 2001-10-08 15:55:59, schwern@pobox.com wrote:

    I can't figure out how to get assigning to ${^TAINT} to die with a
    "Modification of a read-only value attempted" error as with $^S.
    [...]

    + case '\024': /* $^T */
    + if (len > 1 && strNE(name, "\024AINT"))
    + break;
    + goto magicalize;
    goto ro_magicalize;
    Unfortunately, I can't seem to make ${^TAINT} readonly and $^T not.

    case '\024': /* $^T */
    if (len > 1 && strNE(name, "\024AINT"))
    goto ro_magicalize;
    goto magicalize;

    You'd think that would work, but it doesn't.

    So I can do:

    case '\024': /* $^T */
    if (len > 1 && strNE(name, "\024AINT"))
    break;
    goto ro_magicalize;

    which would make both $^T and ${^TAINT} read-only. However, $^T
    should be read-only (along with a bunch of other magic variables like
    $^X).

    --

    Michael G. Schwern <schwern@pobox.com> http://www.pobox.com/~schwern/
    Perl6 Quality Assurance <perl-qa@perl.org> Kwalitee Is Job One
    They just don't make any good porn music anymore, do they?
    - WXDX DJ refering to "More, More, More"
  • Graham Barr at Oct 8, 2001 at 8:27 pm

    On Mon, Oct 08, 2001 at 04:23:01PM -0400, Michael G Schwern wrote:
    Unfortunately, I can't seem to make ${^TAINT} readonly and $^T not.

    case '\024': /* $^T */
    if (len > 1 && strNE(name, "\024AINT"))
    goto ro_magicalize;
    goto magicalize;

    You'd think that would work, but it doesn't.
    case '\024': /* $^T */
    if (len > 1 && strNE(name, "\024AINT"))
    break;
    if (len == 1)
    goto magicalize;
    goto ro_magicalize;

    Graham.
  • Graham Barr at Oct 8, 2001 at 8:30 pm

    On Mon, Oct 08, 2001 at 09:26:47PM +0100, Graham Barr wrote:
    On Mon, Oct 08, 2001 at 04:23:01PM -0400, Michael G Schwern wrote:
    Unfortunately, I can't seem to make ${^TAINT} readonly and $^T not.

    case '\024': /* $^T */
    if (len > 1 && strNE(name, "\024AINT"))
    goto ro_magicalize;
    goto magicalize;

    You'd think that would work, but it doesn't.
    case '\024': /* $^T */
    if (len > 1 && strNE(name, "\024AINT"))
    break;
    if (len == 1)
    goto magicalize;
    goto ro_magicalize;
    Or even

    case '\024': /* $^T */
    if (len == 1)
    goto magicalize;
    if (strEQ(name, "\024AINT"))
    goto ro_magicalize;
    break;

    Graham.
  • Michael G Schwern at Oct 8, 2001 at 9:00 pm

    On Mon, Oct 08, 2001 at 09:29:27PM +0100, Graham Barr wrote:
    Or even

    case '\024': /* $^T */
    if (len == 1)
    goto magicalize;
    if (strEQ(name, "\024AINT"))
    goto ro_magicalize;
    break;
    strEQ! Right, silly me.

    Here's another whack, making ${^TAINT} truly read-only.


    --- pod/perlvar.pod 2001/10/08 19:44:18 1.1
    +++ pod/perlvar.pod 2001/10/08 19:45:21
    @@ -1039,6 +1039,11 @@
    epoch (beginning of 1970). The values returned by the B<-M>, B<-A>,
    and B<-C> filetests are based on this value.

    +=item ${^TAINT}
    +
    +Reflects if taint mode is on or off (ie. if the program was run with
    +B<-T> or not). True for on, false for off.
    +
    =item $PERL_VERSION

    =item $^V
    --- t/op/taint.t 2001/10/08 19:38:46 1.1
    +++ t/op/taint.t 2001/10/08 20:53:00
    @@ -15,6 +15,20 @@
    use strict;
    use Config;

    +my $test = 177;
    +sub ok {
    + my($ok, $name) = @_;
    +
    + # You have to do it this way or VMS will get confused.
    + print $ok ? "ok $test - $name\n" : "not ok $test - $name\n";
    +
    + printf "# Failed test at line %d\n", (caller)[2] unless $ok;
    +
    + $test++;
    + return $ok;
    +}
    +
    +
    $| = 1;

    # We do not want the whole taint.t to fail
    @@ -109,7 +123,7 @@
    close PROG;
    my $echo = "$Invoke_Perl $ECHO";

    -print "1..176\n";
    +print "1..179\n";

    # First, let's make sure that Perl is checking the dangerous
    # environment variables. Maybe they aren't set yet, so we'll
    @@ -884,4 +898,11 @@
    print "# untainted:\n", @untainted if @untainted;
    }

    +
    +ok( ${^TAINT}, '$^TAINT is on' );
    +
    +eval { ${^TAINT} = 0 };
    +ok( ${^TAINT}, '$^TAINT is not assignable' );
    +ok( $@ =~ /^Modification of a read-only value attempted/,
    + 'Assigning to taint pukes properly' );

    --- t/op/magic.t 2001/10/08 19:48:07 1.1
    +++ t/op/magic.t 2001/10/08 19:49:44
    @@ -35,7 +35,7 @@
    return 1;
    }

    -print "1..41\n";
    +print "1..43\n";

    $Is_MSWin32 = $^O eq 'MSWin32';
    $Is_NetWare = $^O eq 'NetWare';
    @@ -283,3 +283,7 @@
    ok $^S == 0;
    eval { ok $^S == 1 };
    ok $^S == 0;
    +
    +ok ${^TAINT} == 0;
    +eval { ${^TAINT} = 1 };
    +ok ${^TAINT} == 0;
    --- mg.c 2001/10/08 19:05:02 1.1
    +++ mg.c 2001/10/08 19:34:11
    @@ -612,12 +612,16 @@
    }
    break;
    case '\024': /* ^T */
    + if (*(mg->mg_ptr+1) == '\0') {
    #ifdef BIG_TIME
    - sv_setnv(sv, PL_basetime);
    + sv_setnv(sv, PL_basetime);
    #else
    - sv_setiv(sv, (IV)PL_basetime);
    + sv_setiv(sv, (IV)PL_basetime);
    #endif
    - break;
    + }
    + else if (strEQ(mg->mg_ptr, "\024AINT"))
    + sv_setiv(sv, PL_tainting);
    + break;
    case '\027': /* ^W & $^WARNING_BITS & ^WIDE_SYSTEM_CALLS */
    if (*(mg->mg_ptr+1) == '\0')
    sv_setiv(sv, (IV)((PL_dowarn & G_WARN_ON) ? TRUE : FALSE));
    --- gv.c 2001/10/08 19:24:56 1.1
    +++ gv.c 2001/10/08 20:52:11
    @@ -893,7 +893,6 @@
    case '\011': /* $^I, NOT \t in EBCDIC */
    case '\016': /* $^N */
    case '\020': /* $^P */
    - case '\024': /* $^T */
    if (len > 1)
    break;
    goto magicalize;
    @@ -910,6 +909,13 @@
    if (len > 1)
    break;
    goto ro_magicalize;
    + case '\024': /* $^T */
    + if (len == 1)
    + goto magicalize;
    + else if (strEQ(name, "\024AINT"))
    + goto ro_magicalize;
    + else
    + break;
    case '\027': /* $^W & $^WARNING_BITS */
    if (len > 1 && strNE(name, "\027ARNING_BITS")
    && strNE(name, "\027IDE_SYSTEM_CALLS"))


    --

    Michael G. Schwern <schwern@pobox.com> http://www.pobox.com/~schwern/
    Perl6 Quality Assurance <perl-qa@perl.org> Kwalitee Is Job One
    Death follows me like a wee followey thing.
    -- Quakeman
  • Jarkko Hietaniemi at Oct 8, 2001 at 10:18 pm

    On Mon, Oct 08, 2001 at 05:00:14PM -0400, Michael G Schwern wrote:
    On Mon, Oct 08, 2001 at 09:29:27PM +0100, Graham Barr wrote:
    Or even

    case '\024': /* $^T */
    if (len == 1)
    goto magicalize;
    if (strEQ(name, "\024AINT"))
    goto ro_magicalize;
    break;
    strEQ! Right, silly me.

    Here's another whack, making ${^TAINT} truly read-only.
    Thanks, applied.

    <troll>Why ${^TAINT} is read-only? It would be *so* convenient to ...</troll>

    --
    $jhi++; # http://www.iki.fi/jhi/
    # There is this special biologist word we use for 'stable'.
    # It is 'dead'. -- Jack Cohen
  • Graham Barr at Oct 8, 2001 at 10:20 pm

    On Tue, Oct 09, 2001 at 01:18:17AM +0300, Jarkko Hietaniemi wrote:
    On Mon, Oct 08, 2001 at 05:00:14PM -0400, Michael G Schwern wrote:
    On Mon, Oct 08, 2001 at 09:29:27PM +0100, Graham Barr wrote:
    Or even

    case '\024': /* $^T */
    if (len == 1)
    goto magicalize;
    if (strEQ(name, "\024AINT"))
    goto ro_magicalize;
    break;
    strEQ! Right, silly me.

    Here's another whack, making ${^TAINT} truly read-only.
    Thanks, applied.

    <troll>Why ${^TAINT} is read-only? It would be *so* convenient to ...</troll>
    oooh, local ${^TAINT} = 0;

    :)

    Graham.
  • Abhijit Menon-Sen at Oct 9, 2001 at 3:47 am

    At 2001-10-08 23:19:17, gbarr@pobox.com wrote:
    <troll>Why ${^TAINT} is read-only? It would be *so* convenient to
    ...</troll>
    oooh, local ${^TAINT} = 0;
    Well, if you insist...

    - ams, blithely ignoring what his mommy said about feeding trolls.

    --- current/mg.c~ Tue Oct 9 08:17:31 2001
    +++ current/mg.c Tue Oct 9 08:30:44 2001
    @@ -1815,11 +1815,15 @@
    init_debugger();
    break;
    case '\024': /* ^T */
    + if (*(mg->mg_ptr+1) == '\0') {
    #ifdef BIG_TIME
    - PL_basetime = (Time_t)(SvNOK(sv) ? SvNVX(sv) : sv_2nv(sv));
    + PL_basetime = (Time_t)(SvNOK(sv) ? SvNVX(sv) : sv_2nv(sv));
    #else
    - PL_basetime = (Time_t)(SvIOK(sv) ? SvIVX(sv) : sv_2iv(sv));
    + PL_basetime = (Time_t)(SvIOK(sv) ? SvIVX(sv) : sv_2iv(sv));
    #endif
    + }
    + else if (strEQ(mg->mg_ptr, "\024AINT"))
    + PL_tainting = SvIOK(sv) ? SvIVX(sv) : sv_2iv(sv);
    break;
    case '\027': /* ^W & $^WARNING_BITS & ^WIDE_SYSTEM_CALLS */
    if (*(mg->mg_ptr+1) == '\0') {

    --- current/gv.c~ Tue Oct 9 08:40:24 2001
    +++ current/gv.c Tue Oct 9 08:59:09 2001
    @@ -910,12 +910,9 @@
    break;
    goto ro_magicalize;
    case '\024': /* $^T, ${^TAINT} */
    - if (len == 1)
    - goto magicalize;
    - else if (strEQ(name, "\024AINT"))
    - goto ro_magicalize;
    - else
    + if (len != 1 && strNE(name, "\024AINT"))
    break;
    + goto magicalize;
    case '\027': /* $^W & $^WARNING_BITS */
    if (len > 1 && strNE(name, "\027ARNING_BITS")
    && strNE(name, "\027IDE_SYSTEM_CALLS"))
  • Jarkko Hietaniemi at Oct 9, 2001 at 4:06 am

    - ams, blithely ignoring what his mommy said about feeding trolls.

    --- current/mg.c~ Tue Oct 9 08:17:31 2001
    +++ current/mg.c Tue Oct 9 08:30:44 2001
    @@ -1815,11 +1815,15 @@
    init_debugger();
    break;
    case '\024': /* ^T */
    + if (*(mg->mg_ptr+1) == '\0') {
    #ifdef BIG_TIME
    - PL_basetime = (Time_t)(SvNOK(sv) ? SvNVX(sv) : sv_2nv(sv));
    + PL_basetime = (Time_t)(SvNOK(sv) ? SvNVX(sv) : sv_2nv(sv));
    #else
    - PL_basetime = (Time_t)(SvIOK(sv) ? SvIVX(sv) : sv_2iv(sv));
    + PL_basetime = (Time_t)(SvIOK(sv) ? SvIVX(sv) : sv_2iv(sv));
    #endif
    + }
    + else if (strEQ(mg->mg_ptr, "\024AINT"))
    + PL_tainting = SvIOK(sv) ? SvIVX(sv) : sv_2iv(sv);
    Aaaaaaargh! I'm blind!

    --
    $jhi++; # http://www.iki.fi/jhi/
    # There is this special biologist word we use for 'stable'.
    # It is 'dead'. -- Jack Cohen
  • Benjamin Goldberg at Oct 9, 2001 at 2:41 am
    Michael G Schwern wrote:
    [snip]
    +ok( ${^TAINT}, '$^TAINT is on' );
    +
    +eval { ${^TAINT} = 0 };
    +ok( ${^TAINT}, '$^TAINT is not assignable' );
    +ok( $@ =~ /^Modification of a read-only value attempted/,
    + 'Assigning to taint pukes properly' );
    Umm, shouldn't you *also* have a test for when $^TAINT is false, and we
    attempt to set it to true? For, like, symmetry or something?

    --
    "Just how stupid are you Kuno?"
    "Verily, Tatewaki Kuno knows no limits."
  • Michael G Schwern at Oct 9, 2001 at 7:55 am

    On Mon, Oct 08, 2001 at 10:25:12PM -0400, Benjamin Goldberg wrote:
    Michael G Schwern wrote:
    [snip]
    +ok( ${^TAINT}, '$^TAINT is on' );
    +
    +eval { ${^TAINT} = 0 };
    +ok( ${^TAINT}, '$^TAINT is not assignable' );
    +ok( $@ =~ /^Modification of a read-only value attempted/,
    + 'Assigning to taint pukes properly' );
    Umm, shouldn't you *also* have a test for when $^TAINT is false, and we
    attempt to set it to true? For, like, symmetry or something?
    Yep. I just hopped in my tardis and applied your suggestion to
    t/op/magic.t.

    --

    Michael G. Schwern <schwern@pobox.com> http://www.pobox.com/~schwern/
    Perl6 Quality Assurance <perl-qa@perl.org> Kwalitee Is Job One
    Hold on while I slip into something a little more naked.
  • David Dyck at Oct 9, 2001 at 4:50 am

    On Mon, 8 Oct 2001, Michael G Schwern wrote:

    + else if (strEQ(name, "\024AINT"))
    I see that this is not the first variable
    ${^WARNING_BITS}
    ${^WIDE_SYSTEM_CALLS}
    ${^OPEN} << not documented in perlvars.pod but used in open.pm
    to break the rule in perldata.pod, but
    would someone please submit a bug report
    or update perldata.pod to match perlvar.pod.

    The "Variable names" section of perldata.pod contains
    "names that do not start with a letter, underscore, or digit are limited
    to one character, e.g., $% or $$."

    As now this conflicts with perlvar.pod

    Finally, new in Perl 5.6, Perl variable names may be alphanumeric
    strings that begin with control characters (or better yet, a
    caret). These variables must be written in the form "${^Foo}";
    the braces are not optional. "${^Foo}" denotes the scalar
    variable whose name is a control-"F" followed by two "o"'s. These
    variables are reserved for future special uses by Perl, except for
    the ones that begin with "^_" (control-underscore or caret-
    underscore). ....
  • Rafael Garcia-Suarez at Oct 9, 2001 at 8:10 pm

    On 2001.10.09 06:50 David Dyck wrote:
    I see that this is not the first variable
    ${^WARNING_BITS}
    ${^WIDE_SYSTEM_CALLS}
    ${^OPEN} << not documented in perlvars.pod but used in open.pm
    to break the rule in perldata.pod, but
    would someone please submit a bug report
    or update perldata.pod to match perlvar.pod.
    Something like this ?

    --- pod/perldata.pod.orig Fri Oct 5 01:57:38 2001
    +++ pod/perldata.pod Tue Oct 9 22:04:55 2001
    @@ -87,10 +87,11 @@
    of this, see L<perlref>.

    Names that start with a digit may contain only more digits. Names
    -that do not start with a letter, underscore, or digit are limited to
    -one character, e.g., C<$%> or C<$$>. (Most of these one character names
    -have a predefined significance to Perl. For instance, C<$$> is the
    -current process id.)
    +that do not start with a letter, underscore, digit or a caret (i.e.
    +a control character) are limited to one character, e.g., C<$%> or
    +C<$$>. (Most of these one character names have a predefined
    +significance to Perl. For instance, C<$$> is the current process
    +id.)

    =head2 Context
  • Arthur Bergman at Oct 9, 2001 at 8:20 pm
    On 2001.10.09 06:50 David Dyck wrote:
    I see that this is not the first variable
    ${^WARNING_BITS}
    ${^WIDE_SYSTEM_CALLS}
    ${^OPEN} << not documented in perlvars.pod but used in open.pm
    to break the rule in perldata.pod, but
    would someone please submit a bug report
    or update perldata.pod to match perlvar.pod.
    Something like this ?
    Applied as 12384, thanks.
    --- pod/perldata.pod.orig Fri Oct 5 01:57:38 2001
    +++ pod/perldata.pod Tue Oct 9 22:04:55 2001
    @@ -87,10 +87,11 @@
    of this, see L<perlref>.

    Names that start with a digit may contain only more digits. Names
    -that do not start with a letter, underscore, or digit are limited to
    -one character, e.g., C<$%> or C<$$>. (Most of these one character names
    -have a predefined significance to Perl. For instance, C<$$> is the
    -current process id.)
    +that do not start with a letter, underscore, digit or a caret (i.e.
    +a control character) are limited to one character, e.g., C<$%> or
    +C<$$>. (Most of these one character names have a predefined
    +significance to Perl. For instance, C<$$> is the current process
    +id.)

    =head2 Context
  • John Peacock at Oct 8, 2001 at 8:14 pm

    Michael G Schwern wrote:

    Here's a little patch that adds in ${^TAINT}, a variable to tell you
    if the program is running under taint mode or not. Useful to let
    programs provide better warning and error messages than the usual
    "Insecure dependency".
    --- gv.c 2001/10/08 19:24:56 1.1
    +++ gv.c 2001/10/08 19:29:55
    @@ -910,6 +909,10 @@
    if (len > 1)
    break;
    goto ro_magicalize;
    + case '\024': /* $^T */
    + if (len > 1 && strNE(name, "\024AINT"))
    + break;
    + goto magicalize;
    Wouldn't

    + goto ro_magicalize;

    make this readonly, just like $^S above?

    John

    --
    John Peacock
    Director of Information Research and Technology
    Rowman & Littlefield Publishing Group
    4720 Boston Way
    Lanham, MD 20706
    301-459-3366 x.5010
    fax 301-429-5747
  • Ronald J Kimball at Oct 9, 2001 at 2:18 am
    On Mon, Oct 08, 2001 at 03:55:59PM -0400, Michael G Schwern wrote:


    Some quick comments on the text included in the patch...

    --- pod/perlvar.pod 2001/10/08 19:44:18 1.1
    +++ pod/perlvar.pod 2001/10/08 19:45:21
    @@ -1039,6 +1039,11 @@
    epoch (beginning of 1970). The values returned by the B<-M>, B<-A>,
    and B<-C> filetests are based on this value.

    +=item ${^TAINT}
    +
    +Reflects if taint mode is on or off (ie. if the program was run with
    +B<-T> or not). True for on, false for off.
    +
    Nit: I think 'ie.' should be 'i.e.'; each letter is an abbreviation of a
    word.

    --- t/op/taint.t 2001/10/08 19:38:46 1.1
    +++ t/op/taint.t 2001/10/08 19:42:52
    @@ -884,4 +898,13 @@
    print "# untainted:\n", @untainted if @untainted;
    }

    +
    +ok( ${^TAINT}, '$^TAINT is on' );
    +
    +eval { ${^TAINT} = 0 };
    +ok( ${^TAINT}, '$^TAINT is not assignable' );
    +
    +# TODO
    +# ok( $@ =~ /^Modification of a read-only value attempted/,
    +# 'Assigning to taint pukes properly' );
    That should probably read '${^TAINT}' instead of 'taint'.

    I wonder if the expression "pukes properly" will be sufficiently clear to
    everyone who sees it.


    Ronald
  • Jarkko Hietaniemi at Oct 9, 2001 at 2:30 am

    Some quick comments on the text included in the patch...
    Comments applied, thanks.
    I wonder if the expression "pukes properly" will be sufficiently clear to
    everyone who sees it.
    <rambling>This reminds me of a pet peeve (I've got a zooful of such pets):
    when drafting the test messages, don't assume that the test succeeds:

    ok(..., "The gorkulator works! Hallelujah!!!");

    looks really comical when the gorkulator does *not* work...
    Try to keep your message "labels" neutral, describe the _feature_
    or _property_ being tested. Nouns, not verbs.

    --
    $jhi++; # http://www.iki.fi/jhi/
    # There is this special biologist word we use for 'stable'.
    # It is 'dead'. -- Jack Cohen

Related Discussions

People

Translate

site design / logo © 2022 Grokbase