Taint check
J. Paul Reed
preed at sigkill.com
Wed May 28 15:35:01 UTC 2003
On 28 May 2003 at 08:55:20, Colin Bendell moved bits on my disk to say:
> Yes, and this seems to be the problem. I'm using ActiveState's
> perlis.dll to execute the perl cgi which doesn't support the taint check
> (because it is loaded early).
You might also take a look at bug 140784; I only skimmed it, but a comment
in another bug said "If you're using IIS, there's some additional
setup you have to do for taint mode to work." That would seem to imply that
taint mode *does* work with Win32, with a workaround.
If you're having problems, I think this is a bug that we might have to fix
for 2.18... but we should confirm that it is indeed a bug.
> Isn't the taint check just as much a problem when using mod_perl?
I don't know, but I don't think so... bbaetz would know for sure.
> For now I'm content to remove the -T switch and let cvs do the diffs for
> me :)
I wouldn't do that on a public installation if I were you; that's not
really the solution to the problem, especially on Win32.
Later,
Paul
------------------------------------------------------------------------
J. Paul Reed -- 0xDF8708F8 || preed at sigkill.com || web.sigkill.com/preed
To hold on to sanity too tight is insane. -- Nick Falzone, Pushing Tin
I use PGP; you should use PGP too... if only to piss off John Ashcroft
More information about the developers
mailing list