It allows taint mode, a data flow analysis that prevents potentially dangerous operations using untrusted inputs.
For example, it might seem reasonable to store new user data using

    open my $fh, ">", "/var/myservice/$username"
        or die "...";
    print $fh ...;

To illustrate how useful this is, what if a malicious user gives the username ../../../etc/passwd and your service runs as root?
Taint mode will not allow that code to run if the value of $username comes from the command line or from a CGI form parameter.
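The following is an added example (not code from the original page) showing what the passage describes: the script runs under the -T switch, takes the username from the command line (so it is tainted), and passes it through the standard regex-untainting idiom before the open. The service path /var/myservice and the permitted character set are assumptions chosen for the illustration.

```perl
#!/usr/bin/perl -T
# Added example: Perl taint mode catching an untrusted filename,
# then the usual regex-untainting idiom. The /var/myservice path and
# the allowed-character set are assumptions for this illustration.
use strict;
use warnings;

# Under -T perl also refuses to run external commands while PATH is
# tainted, so -T scripts conventionally pin it before doing anything else.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# The username arrives on the command line and is therefore tainted, e.g.
#   ./demo.pl '../../../etc/passwd'
my $raw = $ARGV[0] // die "usage: $0 USERNAME\n";

# Untaint by extracting only the characters an account name may contain.
# "../../../etc/passwd" contains '.' and '/', fails the match, and is refused.
my ($username) = $raw =~ /\A([A-Za-z0-9_-]{1,32})\z/
    or die "refusing unsafe username\n";

# $username was produced by a regex capture, so it is no longer tainted and
# the open below is permitted. Using $raw here instead makes perl -T die with
# "Insecure dependency in open while running with -T switch".
my $path = "/var/myservice/$username";
open my $fh, ">", $path or die "cannot open $path: $!\n";
print {$fh} "created\n";
close $fh or die "cannot close $path: $!\n";
```

Two things to notice: taint mode only flags the dangerous operation, it does not decide what input is safe, so the regex is where the real policy lives; and the capture must be written as a strict allow-list (here letters, digits, underscore and hyphen, anchored at both ends), because a permissive pattern such as /(.*)/ "untaints" anything and defeats the check.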
See perlsec.