bbaetz at gmail.com
Mon Jul 27 11:20:04 UTC 2015
What is the measurable performance impact? Any idea whether its in a
specific bit of code or more general? The goal of taint mode is to track
stuff that we don't know about. When I added taint mode (way too long
ago...) we found a huge number of security issue, and that was *after*
doing audits for problem categories. I'm sure that its better now, but its
better to be safe than sorry....
It should just be a check of a single magic bit in the perl code, although
since Perl isn't really my focus nowdays I could be wrong...
On Mon, 27 Jul 2015 at 21:00 Gervase Markham <gerv at mozilla.org> wrote:
> At the last Bugzilla meeting, we discussed turning off taint mode, as
> it's a performance hit, keeps breaking 3rd party modules and provides
> marginal value now that we use placeholders properly and template escaping.
> Someone said a bug had been opened: is that right?
> dev-apps-bugzilla mailing list
> dev-apps-bugzilla at lists.mozilla.org
> To view or change your list settings, click here:
dev-apps-bugzilla mailing list
dev-apps-bugzilla at lists.mozilla.org
More information about the developers