Joel Uckelman on Thu, 28 Dec 2006 14:45:46 -0700 (MST)


Re: [s-d] dice server enhancements, part 2

Thus spake "Chuck Adams":
> On 12/28/06, Joel Uckelman <uckelman@xxxxxxxxx> wrote:
> > I'd originally thought about using Perl to do the parsing and execution,
> > but I couldn't convince myself that it would be possible to sanitize
> > the code to make sure that users weren't finding a sneaky way to call
> > system().
> Perl has taint, which would prevent that from happening. 

I don't see any way to do what I want with taint in Perl. All input is
tainted until I say it's not---but the problem is that I'm not sure
how to identify good input so I can untaint it.

spoon-discuss mailing list
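
One way to identify "good input" for a dice expression is to tokenize against a whitelist and evaluate the tokens directly, so user text is never passed to string eval or a shell and taint mode is only a backstop. This is an added example, not code from the thread or the dice server; the grammar, the size limits and the sub names (tokenize, atom, roll) are assumptions.

```perl
use strict;
use warnings;

# Assumed grammar (not from the thread): expr := atom (('+'|'-') atom)*
#                                        atom := INT | INT? 'd' INT
my ($MAX_DICE, $MAX_SIDES) = (100, 1000);    # assumed per-request limits

sub tokenize {
    my ($src) = @_;
    my @tok;
    # \G resumes at the previous match end, so only whitelisted tokens are
    # captured (regex captures are also what perl -T treats as untainted).
    while ($src =~ /\G\s*(\d{1,6}|[d+\-])/gc) { push @tok, $1 }
    $src =~ /\G\s*\z/gc or die "illegal input at offset " . (pos($src) // 0) . "\n";
    return \@tok;
}

sub atom {
    my ($t) = @_;
    my $tok = shift(@$t) // die "unexpected end of expression\n";
    my $n = 1;
    if ($tok =~ /^\d+$/) {
        return $tok + 0 unless @$t && $t->[0] eq 'd';
        $n = $tok; $tok = shift @$t;
    }
    $tok eq 'd' or die "unexpected token '$tok'\n";
    my $sides = shift(@$t) // '';
    $sides =~ /^\d+$/ or die "'d' must be followed by a side count\n";
    die "dice out of range\n"
        if $n < 1 || $n > $MAX_DICE || $sides < 1 || $sides > $MAX_SIDES;
    my $sum = 0;
    $sum += 1 + int(rand($sides)) for 1 .. $n;
    return $sum;
}

sub roll {
    my $t = tokenize($_[0]);
    my $v = atom($t);
    while (@$t && $t->[0] =~ /^[+-]$/) {
        my $sign = shift(@$t) eq '+' ? 1 : -1;
        $v += $sign * atom($t);
    }
    die "trailing input: '@$t'\n" if @$t;
    return $v;
}

# Constructed inputs; block eval only traps die, no user text is compiled.
for my $in ('3d6+2', '2d10 - d4', '2d6; system("true")', '`true`') {
    my $out = eval { roll($in) };
    print defined($out) ? "$in => $out\n" : "$in => rejected: $@";
}
```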