On Wed, Aug 02, 2000 at 11:29:40AM -0400, Dan Sugalski wrote:
> I was figuring the taint/notaint pragma would control taint checking, while
> -T would control taint setting. Probably not the best way--might be worth
> unconditionally setting the taint status so a use/no taint would do the
> rig
At 12:51 PM 8/2/00 +0100, Graham Barr wrote:
>On Tue, Aug 01, 2000 at 11:56:48AM -0400, Dan Sugalski wrote:
> > What I was thinking of was something along the lines of a lexically scoped
> > pragma--"use taint"/"no taint". (We could do this by sticking in an opcode
> > to set/unset the tainting st
On Tue, Aug 01, 2000 at 11:56:48AM -0400, Dan Sugalski wrote:
> What I was thinking of was something along the lines of a lexically scoped
> pragma--"use taint"/"no taint". (We could do this by sticking in an opcode
> to set/unset the tainting status, as well as the warning status, and so on)
>
On Tue, 01 Aug 2000, Dan Sugalski wrote:
> At 11:57 PM 7/31/00 -0700, Matthew Cline wrote:
> >Something else which might be useful for tainting would be something like:
> >
> > taint_var($foo);
> > no_taint_var($bar);
> >
> >With this, any value assigned to $foo would become tainted, and a
At 02:52 PM 8/1/00 -0400, Chaim Frenkel wrote:
>Please explain how having a no taint block would still keep the spirit
>of not making untainting easy?
Hadn't thought that much about it. That is an issue which'd need to be
dealt with if this proposal goes anywhere, which it very well might not.
Please explain how having a no taint block would still keep the spirit
of not making untainting easy?
Just add a no taint at the top of ones code, and the -T goes away.
> "DS" == Dan Sugalski <[EMAIL PROTECTED]> writes:
DS> I think I'd prefer to leave untainting to regexes.
DS> What I wa
I respectfully request that one list be picked for this topic and
discussion confined to that one list even if it should occasionally
spill into the other bailiwick. Or perhaps it's a candidate for a new
working group.
If all messages are CC:ed to all lists, then simply have p5p reborn
(and the
At 11:57 PM 7/31/00 -0700, Matthew Cline wrote:
>On Mon, 31 Jul 2000, Nathan Wiger wrote:
>
> > Instead, it would be really cool if Perl6 let you do this:
> >
> >#! perl -T
> >local($^T) = 0;
> >$ENV{PATH} = read_config_file();
> >local($^T) = 1;
>
>I would prefer something like:
>
At 11:57 PM 7/31/00 -0700, Matthew Cline wrote:
>Something else which might be useful for tainting would be something like:
>
> taint_var($foo);
> no_taint_var($bar);
>
>With this, any value assigned to $foo would become tainted, and any value
>assigned to $bar would become untainted.
Whi
> Another note: your examples with:
>
> local ($^T) = 0;
> $ENV{PATH} = read_config_file();
> local ($^T) = 1;
>
> is only using local() to confuse; it should be written with a block,
> correctly restoring the old value of $^T.
Sorry about that - I contemplated taking it
Simon Cozens <[EMAIL PROTECTED]> wrote:
> On Tue, Aug 01, 2000 at 01:43:05PM +0100, Graham Barr wrote:
> > Let me just say that Larry has said in the past that untainting was
> > deliberatly left difficult to do, on the basis that something which
> > can have serious effect (ie security) should no
On Tue, Aug 01, 2000 at 01:43:05PM +0100, Graham Barr wrote:
> Let me just say that Larry has said in the past that untainting was
> deliberatly left difficult to do, on the basis that something which
> can have serious effect (ie security) should not be easy to do.
>
> But then I suppose all pre
On Tue, Aug 01, 2000 at 08:13:24AM -0400, Bryan C.Warnock wrote:
> On Tue, 01 Aug 2000, Matthew Cline wrote:
>
> >
> > I would prefer something like:
> >
> > #! perl -T
> > $ENV{PATH} = untaint( read_config_file() );
> >
> > In other words, either make the 'Taint' and 'Untaint' package
On Tue, 01 Aug 2000, Matthew Cline wrote:
>
> I would prefer something like:
>
> #! perl -T
> $ENV{PATH} = untaint( read_config_file() );
>
> In other words, either make the 'Taint' and 'Untaint' packages part of the
> standard distribution, or put them into the core language.
>
Thi
On Mon, Jul 31, 2000 at 10:42:54PM -0700, Nathan Wiger wrote:
> Dan Sugalski wrote:
> >
> > > existence of a $^T variable for controlling tainting in the same way
> > > that $^W controls warnings.
> >
> > So put in an RFC. :)
>
> Dan-
>
> Ask and ye shall receive...in POD format ala Tim...
I
Nathan Wiger <[EMAIL PROTECTED]> writes:
[...]
> =head1 Implementation
>
> This will avoid internals, but instead get into the details of how the
> implementation should *act*:
>
>1. Have the tainting engine "trust" any variables declared
> when tainting is off. So:
>
> #!
On Mon, 31 Jul 2000, Nathan Wiger wrote:
> Instead, it would be really cool if Perl6 let you do this:
>
>#! perl -T
>local($^T) = 0;
>$ENV{PATH} = read_config_file();
>local($^T) = 1;
I would prefer something like:
#! perl -T
$ENV{PATH} = untaint( read_config_file() );
Dan Sugalski wrote:
>
> > existence of a $^T variable for controlling tainting in the same way
> > that $^W controls warnings.
>
> So put in an RFC. :)
Dan-
Ask and ye shall receive...in POD format ala Tim...
BTW, I've posted this to both lists because your reply was. However,
since $^T would
18 matches
Mail list logo