At 11:23 PM 9/23/2001 -0500, Craig A. Berry wrote: >Basically we're pre-loading a hash when you use "keys" or "values" on >%ENV, and if I understand this right, hash elements are not >full-blown scalars and thus do not have tainting bits. Getting an >individual element from %ENV, on the other hand, never involves a >real hash since we just call getenv() or moral equivalent and return >a single (tainted) scalar value. The code where this is implemented >in vms/vms.c is pretty twisty stuff and I don't quite have a good >enough grasp of it yet to be sure this is right or know what to do >about it.
I think the ultimate issue is that %ENV elements fetched from trusted sources (Like the SYSTEM or CLUSTER mode logicals) are considered untainted, while the process-level stuff is tainted. Seemed that way the last time I dove through the twisty mazes, but I might've misread things. Dan --------------------------------------"it's like this"------------------- Dan Sugalski even samurai [EMAIL PROTECTED] have teddy bears and even teddy bears get drunk