Re: RFC 227 (v1) Extend the window to turn on taint mode
On Fri, Sep 15, 2000 at 01:33:01PM -0700, Nathan Wiger wrote: > Michael G Schwern wrote: > > > > perl6-internals is probably the wrong forum for this, it was just > > convenient. I think Dan's got the right idea, distribute a Taint > > module with Perl. > > I'm not sure what's happened on -internals, but early on in > perl6-language I suggested something similar, and Larry dropped some > major knowledge on me about tainting: > > http://www.mail-archive.com/perl6-language@perl.org/msg00394.html > > I'd advise everyone read the above. Adding a $TAINT > variable/pragma/whatever is, basically, a Bad Idea. The hypothetical taint.pm/taint.xs that was being discussed was in a different context. The taint pragma that we were talking about is not about lexical scoping of taint mode, but rather a sensible place to add taint(), tainted() and similar functions that need specific knowledge of core internals. Of couse, if the core language contains taint() and untainted(), then this is a trivial discussion. We were looking at it from an internals perspective, with the POV that it may not be a core language feature. taint() and tainted() would work on scalars that may or may not be coming from a trustworthy source. untaint() should *not* be one of these functions, because untainting should remain hard (i.e., you should have to think about what you're doing). This is a discussion that may result in a different RFC altogether. It came up because RFC 227 discusses tainting. -language is probably not the right forum for either. I vote for starting a new thread in -stdlib. Z.
Re: RFC 227 (v1) Extend the window to turn on taint mode
Michael G Schwern wrote: > > perl6-internals is probably the wrong forum for this, it was just > convenient. I think Dan's got the right idea, distribute a Taint > module with Perl. I'm not sure what's happened on -internals, but early on in perl6-language I suggested something similar, and Larry dropped some major knowledge on me about tainting: http://www.mail-archive.com/perl6-language@perl.org/msg00394.html I'd advise everyone read the above. Adding a $TAINT variable/pragma/whatever is, basically, a Bad Idea. There's already $fh->untaint a per-filehandle OO untainting mechanism, as Tom shows here: http://www.mail-archive.com/perl6-language@perl.org/msg00442.html This may remain the best solution, judging by Larry's remarks. -Nate
Re: RFC 227 (v1) Extend the window to turn on taint mode
On Fri, Sep 15, 2000 at 04:01:11PM -0400, Dan Sugalski wrote: > >Anyhow, however these extra tainting functions are implemented is fine > >(as long as they work). The simplest thing would be to just merge and > >patch up Taint.pm and distribute it with perl6. > > Yup. I know Tom wanted an all-perl version so there wouldn't be any > dependencies on having a C compiler around. I took the XS route mainly > because I mistrust indirect methods. (Well, that and I'd written several > orders of magnitude more C code for perl than perl code at the point I > wrote that...) If we move it into the core the availablity of C compilers is no longer an issue. Having had a taste of the hacks one must do to pull off an all-perl version, XS seems the simplest route. PS I've moved this discussion to perl6-language. Reply accordingly. -- Michael G Schwern http://www.pobox.com/~schwern/ [EMAIL PROTECTED] Just Another Stupid Consultant Perl6 Kwalitee Ashuranse Sometimes these hairstyles are exaggerated beyond the laws of physics - Unknown narrator speaking about Anime
Re: RFC 227 (v1) Extend the window to turn on taint mode
At 03:43 PM 9/15/00 -0400, Michael G Schwern wrote: >On Fri, Sep 15, 2000 at 02:00:04PM -0400, Adam Turoff wrote: > > I'm kinda surfing the edge here. -T is definately an internals issue, > > but $TAINT? taint()? is_tainted()? > > > > I'm not sure if they should be exposed into the language from the > > internals, or if a superstudly taint.xs in stdlib is more appropriate. > >perl6-internals is probably the wrong forum for this, it was just >convenient. I think Dan's got the right idea, distribute a Taint >module with Perl. The only reason to do so instead of a built-in is to not snag yet more namespace. Dunno if it much matters either way, though the code is probably best left outside the really inner core code just to keep down the amount of stuff that any one person needs to stuff in their head. :) >Shall we drag this discussion on over to perl6-language? (I've CC'd >it and added a Reply-To. This is BCC'd to perl6-internals). Perhaps perl6-stdlib would be an even better place for it, if it's going in as part of the standard library. Dan --"it's like this"--- Dan Sugalski even samurai [EMAIL PROTECTED] have teddy bears and even teddy bears get drunk
Re: RFC 227 (v1) Extend the window to turn on taint mode
On Fri, Sep 15, 2000 at 02:00:04PM -0400, Adam Turoff wrote: > I'm kinda surfing the edge here. -T is definately an internals issue, > but $TAINT? taint()? is_tainted()? > > I'm not sure if they should be exposed into the language from the > internals, or if a superstudly taint.xs in stdlib is more appropriate. perl6-internals is probably the wrong forum for this, it was just convenient. I think Dan's got the right idea, distribute a Taint module with Perl. Shall we drag this discussion on over to perl6-language? (I've CC'd it and added a Reply-To. This is BCC'd to perl6-internals). -- Michael G Schwern http://www.pobox.com/~schwern/ [EMAIL PROTECTED] Just Another Stupid Consultant Perl6 Kwalitee Ashuranse When faced with desperate circumstances, we must adapt. - Seven of Nine