Joel Uckelman on Thu, 28 Dec 2006 14:45:46 -0700 (MST)
Re: [s-d] dice server enhancements, part 2
Thus spake "Chuck Adams":
> On 12/28/06, Joel Uckelman <uckelman@xxxxxxxxx> wrote:
> > I'd originally thought about using Perl to do the parsing and execution,
> > but I couldn't convince myself that it would be possible to sanitize
> > the code to make sure that users weren't finding a sneaky way to call
> > system().
>
> Perl has taint, which would prevent that from happening.

I don't see any way to do what I want with taint in Perl. All input is
tainted until I say it's not---but the problem is that I'm not sure how
to identify good input so I can untaint it.

--
J.
_______________________________________________
spoon-discuss mailing list
spoon-discuss@xxxxxxxxx
http://lists.ellipsis.cx/mailman/listinfo/spoon-discuss
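
One way to approach the untainting question raised in this message, as an added example (not code from the thread or from the dice server): untaint input only when the whole string fits a small allowlisted alphabet, then evaluate it with a hand-written parser so that user text never reaches eval or system(). The dice grammar (integers, NdM rolls, +, -, *), the length and size limits, and all sub names are assumptions.

```perl
# Run as: perl -T dice.pl '2d6 + 3'   (added example; the grammar is assumed)
use strict;
use warnings;

# Untaint only when the WHOLE string fits the allowlist alphabet.
sub untaint_expr {
    my ($raw) = @_;
    return undef unless defined $raw && length($raw) <= 64;
    return $raw =~ /\A([0-9dD+\-* ]+)\z/ ? $1 : undef;
}
sub atom {                                   # atom := NUM | NUM 'd' NUM
    my ($tok) = @_;
    my $t = shift(@$tok) // die "unexpected end\n";
    die "bad number\n" unless $t =~ /\A\d{1,3}\z/;
    return $t unless @$tok && lc($tok->[0]) eq 'd';
    shift @$tok;                             # consume the 'd'
    my $sides = shift(@$tok) // '';
    die "bad die size\n" unless $sides =~ /\A\d{1,3}\z/ && $sides > 0;
    my $sum = 0;
    $sum += 1 + int(rand($sides)) for 1 .. $t;
    return $sum;
}
sub term {                                   # term := atom ('*' atom)*
    my ($tok) = @_;
    my $v = atom($tok);
    while (@$tok && $tok->[0] eq '*') { shift @$tok; $v *= atom($tok) }
    return $v;
}
sub expr {                                   # expr := term (('+'|'-') term)*
    my ($tok) = @_;
    my $v = term($tok);
    while (@$tok && $tok->[0] =~ /\A[+-]\z/) {
        my $sign = shift(@$tok) eq '+' ? 1 : -1;
        $v += $sign * term($tok);
    }
    return $v;
}
sub roll_expr {                              # tokenize, parse, reject leftovers
    my @tok = $_[0] =~ /(\d+|[dD+\-*])/g;
    my $v = expr(\@tok);
    die "trailing input\n" if @tok;
    return $v;
}
# Constructed sample inputs; the last two must be rejected.
for my $raw (@ARGV ? @ARGV : ('2d6 + 3', '1d20*2 - 1', '2d6; system("ls")', '2d')) {
    my $clean = untaint_expr($raw);
    my $out = defined $clean ? eval { roll_expr($clean) } : undef;  # block eval only traps die
    print "$raw => ", defined $out ? $out : 'rejected', "\n";
}
```

The regex only restricts the alphabet; it is the parser that decides whether the string is a valid roll, and taint mode remains a backstop in case the string is later passed to a shell or file operation.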