On Tue, 13 Feb 2001, Brian Ingerson wrote:
> Stas Bekman wrote:
> >
> > use Inline Config => UNTAINT => 1;
>
> I prefer the following (syntax-wise):
>
> use Inline 'Untaint';
>
> > I'm also not clear about the SAFEMODE, does it mean that it uses Safe.pm?
> > Does it use it during the build time only?
>
> SAFEMODE is runtime checking of parameters that are untainted to help
> prevent possible security flaws. UNTAINT just blindly turns off taint
> checking. That said, I still think Inline is fairly safe even with
> UNTAINT.

I'm not sure why there would be both an UNTAINT and a SAFEMODE option. It
would seem that anyone asking for -T would prefer the extra security of
UNTAINT/SAFEMODE over the security deficit caused by UNTAINT alone. Is it
so people can avoid the extra overhead of Safe.pm if "fairly safe" is good
enough?

Here are some proposals:

A) Anyone writing a book or documentation should always use UNTAINT and
SAFEMODE in tandem:

    use Inline 'Untaint', 'Safemode';

B) The use of SAFEMODE alone should imply UNTAINT, because 99.99% of the
time that's what you want, and the other 0.01% of the time, adding UNTAINT
isn't the bottleneck of your program:

    use Inline 'Safemode'; # Same as above

C) The use of UNTAINT alone is dangerous. It should either...

   1) produce a fatal error, or...
   2) produce a warning if -w is on

--
Tim Gim Yee
[EMAIL PROTECTED]
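
How proposals B and C would change option resolution, as an added example that is not part of the original message and is not Inline's own code. The helper resolve_inline_security and its policy argument are hypothetical; only the shortcut names come from the message.

```perl
#!/usr/bin/perl
# Added illustration; resolve_inline_security() is hypothetical, not Inline's API.
use strict;
use warnings;

# $on_bare_untaint selects proposal C's variant: 'fatal' (C1) or 'warn' (C2).
sub resolve_inline_security {
    my ($on_bare_untaint, @shortcuts) = @_;
    my %opt = (UNTAINT => 0, SAFEMODE => 0);

    for my $name (@shortcuts) {
        my $key = uc $name;              # accept 'Untaint' and 'UNTAINT' alike
        die "Unknown shortcut '$name'\n" unless exists $opt{$key};
        $opt{$key} = 1;
    }

    # Proposal B: SAFEMODE alone implies UNTAINT.
    $opt{UNTAINT} = 1 if $opt{SAFEMODE};

    # Proposal C: UNTAINT without SAFEMODE is refused or flagged.
    if ($opt{UNTAINT} && !$opt{SAFEMODE}) {
        my $msg = "UNTAINT requested without SAFEMODE\n";
        die $msg  if $on_bare_untaint eq 'fatal';   # C1
        warn $msg if $^W;                           # C2: only under -w
    }
    return \%opt;
}

# Constructed cases covering proposals A, B, C1 and C2.
$^W = 1;                                  # simulate running under -w
my @cases = (
    [ 'warn',  'Untaint', 'Safemode' ],   # proposal A
    [ 'warn',  'Safemode' ],              # proposal B
    [ 'fatal', 'Untaint' ],               # proposal C1
    [ 'warn',  'Untaint' ],               # proposal C2
);
for my $case (@cases) {
    my ($policy, @shortcuts) = @$case;
    my @warnings;
    local $SIG{__WARN__} = sub { push @warnings, @_ };   # capture, don't print
    my $opt = eval { resolve_inline_security($policy, @shortcuts) };
    my $result = $opt ? "UNTAINT=$opt->{UNTAINT} SAFEMODE=$opt->{SAFEMODE}"
                      : "fatal: $@";
    chomp $result;
    $result .= " (warned)" if @warnings;
    printf "%-5s %-18s => %s\n", $policy, join(',', @shortcuts), $result;
}
```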