
Perl - Taint Mode

Taint mode is a special set of security checks that Perl performs on data that enters your program from external sources. The input data is marked as tainted (untrusted) and may not be used in commands that would allow you to shoot yourself in the foot. See perlsec (http://perldoc.perl.org/perlsec.html) for a detailed breakdown of what taint mode tracks.

To invoke taint mode:

From the command line:

perl -T program.pl

At the top of your script:

#!/usr/bin/perl -T

When your script trips one of the taint checks, your application will issue a fatal error message. For testing purposes, -t will issue warnings instead of fatal errors.

WARNING: -t is not a substitute for -T.
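
What a tripped taint check looks like, and how validated data is untainted with a regex capture as perlsec describes, shown as an added example that is not part of the original page. The sample file names, the allow-list pattern and the helper names untaint_filename and try_append are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example, not from the original page. Run as: perl -T taint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "run this script with -T\n" unless ${^TAINT};

# Return an untainted copy of $name if it passes the allow-list, else nothing.
# Capturing with a regex is how a program vouches for data it has checked.
# Assumed policy for this example: letters, digits, '.', '_' and '-' only.
sub untaint_filename {
    my ($name) = @_;
    return unless defined $name
        && $name =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/;
    return $1;
}

# Try to open $name for appending. Under -T a tainted name makes open() die
# with "Insecure dependency" before any file is touched; eval traps the error.
sub try_append {
    my ($name) = @_;
    my $ok = eval {
        open(my $fh, '>>', $name) or die "open failed: $!\n";
        close $fh;
        1;
    };
    return 'allowed' if $ok;
    (my $why = $@) =~ s/ at \S+ line \d+\.\n\z//;
    return "blocked ($why)";
}

# Lines read from a file handle are external input, so they arrive tainted.
# The names after __DATA__ are constructed samples.
while (my $line = <DATA>) {
    chomp $line;
    print "input '$line': tainted=", (tainted($line) ? 1 : 0), "\n";
    print "  open without validation: ", try_append($line), "\n";
    my $clean = untaint_filename($line);
    print "  after validation: ",
        defined $clean
            ? "accepted '$clean', tainted=" . (tainted($clean) ? 1 : 0)
            : "rejected by allow-list",
        "\n";
}
__DATA__
report.txt
../../etc/passwd
report.txt;echo
```

Every raw line is blocked at open(), including the harmless one; only the value returned through the capture group is untainted, so the allow-list pattern is the actual security control and needs to be as strict as the use allows.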

perl/taint_mode.txt · Last modified: 2020/07/15 09:30 by 127.0.0.1
