[ale] Perl untaint

Jim Kinney jim.kinney at gmail.com
Tue Apr 8 10:13:59 EDT 2014


Just because the process doesn't run as root is not a free ride to user
security. Outside data being run as a user is also suspect. User privilege
escalation is a cause for concern. Never trust data from outside under any
reason. untaint always with no exceptions. untaint even your own data just
to stay in the habit.


On Tue, Apr 8, 2014 at 10:02 AM, Lists <lists at serioustechnology.com> wrote:

> Is there any reason to untaint data in a script that is not run by root or
> any other system userid?
>
> Geoffrey Myers
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>


-- 
-- 
James P. Kinney III

Every time you stop a school, you will have to build a jail. What you gain
at one end you lose at the other. It's like feeding a dog on his own tail.
It won't fatten the dog.
- Speech 11/23/1900 Mark Twain


*http://heretothereideas.blogspot.com/
<http://heretothereideas.blogspot.com/>*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20140408/0e250967/attachment.html>


More information about the Ale mailing list