Taint check

David Miller justdave at syndicomm.com
Wed May 28 15:57:13 UTC 2003


On 5/28/2003 8:35 AM -0700, J. Paul Reed wrote:

> On 28 May 2003 at 08:55:20, Colin Bendell moved bits on my disk to say:
>
>> Yes, and this seems to be the problem.  I'm using ActiveState's
>> perlis.dll to execute the perl cgi which doesn't support the taint check
>> (because it is loaded early).
>
> You might also take a look at bug 140784; I only skimmed it, but a comment
> in another bug said "If you're using IIS, there's some additional
> setup you have to do for taint mode to work." That would seem to imply that
> taint mode *does* work with Win32, with a workaround.
>
> If you're having problems, I think this is a bug that we might have to fix
> for 2.18... but we should confirm that it is indeed a bug.

IIRC, the deal with Win32 is that everything runs on extension mappings.
You either have ALL of your Perl scripts run in taint mode, or none of
them.  And several of the admin scripts won't yet.

In order for taint mode to work on a file-by-file basis on Win32, you would
have to give a different filename extension to files that need taint mode,
and add a new mapping in the control panel for the new extension to run
Perl in taint mode.  Doing this would also mean changing all of the links
to said files to look for the new filename extension.
-- 
Dave Miller      Project Leader, Bugzilla Bug Tracking System
http://www.justdave.net/             http://www.bugzilla.org/
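
An added sketch, not part of the original message or of Bugzilla's code, of the file-by-file split described above: it finds which scripts request `-T` on their `#!` line, plans their rename to a separate extension, and rewrites links to match. The `.tcgi` extension, the file names and the sample `#!` lines are hypothetical and constructed for illustration.

```python
import re

# Perl switches whose argument is attached to the same token (e.g. -I/opt/Tools).
# Letters after them are data, not switches, so cluster scanning stops there.
_ARG_SWITCHES = set("IeEMmxi0dDClFV")

def requests_taint(first_line):
    """True if a script's #! line asks Perl for taint mode (-T)."""
    if not first_line.startswith("#!"):
        return False
    tokens = first_line[2:].split()
    # Locate the interpreter token (also covers "#!/usr/bin/env perl -T").
    idx = next((i for i, t in enumerate(tokens) if "perl" in t.lower()), None)
    if idx is None:
        return False
    for tok in tokens[idx + 1:]:
        if tok == "--" or not tok.startswith("-"):
            break
        for ch in tok[1:]:          # switches may be clustered, e.g. -wT
            if ch == "T":
                return True
            if ch in _ARG_SWITCHES:
                break
    return False

def plan_renames(scripts, taint_ext=".tcgi"):
    """Map each taint-mode script to its name under the taint-only extension."""
    plan = {}
    for name, first_line in scripts.items():
        if requests_taint(first_line):
            plan[name] = name.rsplit(".", 1)[0] + taint_ext
    return plan

def rewrite_links(text, plan):
    """Point links at the renamed scripts, leaving longer names untouched."""
    for old, new in plan.items():
        text = re.sub(r"(?<![\w.-])" + re.escape(old) + r"(?![\w-])", new, text)
    return text

# Constructed sample: file name -> first line of the file.
SAMPLE = {
    "report.cgi": "#!/usr/bin/perl -wT",
    "admin.cgi": "#!/usr/bin/perl -w",
    "collect.pl": "#!/usr/bin/perl -I/opt/Tools -w",
}

if __name__ == "__main__":
    plan = plan_renames(SAMPLE)
    print(plan)
    print(rewrite_links('<a href="report.cgi?id=1">report</a>', plan))
```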


