Taint mode

Bradley Baetz bbaetz at gmail.com
Mon Jul 27 11:20:04 UTC 2015


/delurk

What is the measurable performance impact? Any idea whether it's in a
specific bit of code or more general? The goal of taint mode is to track
stuff that we don't know about. When I added taint mode (way too long
ago...) we found a huge number of security issues, and that was *after*
doing audits for problem categories. I'm sure that it's better now, but it's
better to be safe than sorry....

It should just be a check of a single magic bit in the Perl code, although
since Perl isn't really my focus nowadays I could be wrong...

Bradley

On Mon, 27 Jul 2015 at 21:00 Gervase Markham <gerv at mozilla.org> wrote:

> At the last Bugzilla meeting, we discussed turning off taint mode, as
> it's a performance hit, keeps breaking 3rd party modules and provides
> marginal value now that we use placeholders properly and template escaping.
>
> Someone said a bug had been opened: is that right?
>
> Gerv
> _______________________________________________
> dev-apps-bugzilla mailing list
> dev-apps-bugzilla at lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-apps-bugzilla