Taint and &IO::Socket::connect 

IO::Socket::connect() fails silently if its arguments are tainted.

This is counter-intuitive and has caused many people grief.

Why is there an eval{} in &IO::Socket::connect at all?  What exceptions
from CORE::connect() _do_ we want to silently ignore?




Sun, 03 Nov 2002 03:00:00 GMT  

Quote:

> IO::Socket::connect() fails silently if its arguments are tainted.

> This is counter-intuitive and has caused many people grief.

> Why is there an eval{} in &IO::Socket::connect at all?  What exceptions
> from CORE::connect() _do_ we want to silently ignore?

You are obviously using an old version of IO::Socket. The eval{} was
there to do timeouts. The previous versions used alarm() for this.

The version in 5.6.0 and also IO-1.20 on CPAN uses non-blocking IO
and select so the alarm/eval is no longer used.

Graham.



Mon, 04 Nov 2002 03:00:00 GMT  
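
Added example, not part of either post and not IO::Socket's own code: a taint-mode script showing how a connect() wrapped in eval{} hides Perl's taint exception unless `$@` is inspected, and how validating and untainting the endpoint first lets the call through. The helper names `try_connect` and `untaint_endpoint`, the loopback address and port 9 are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example, not code from the thread. Run as: perl -T taint_connect.pl
use strict;
use warnings;
use Socket qw(PF_INET SOCK_STREAM inet_aton pack_sockaddr_in);
use Scalar::Util qw(tainted);

# Constructed input: literal host/port made tainted by appending a zero-length
# slice of environment data (every %ENV value is tainted under -T).
my $taint = substr(join('', values %ENV), 0, 0);
my ($host, $port) = ('127.0.0.1' . $taint, '9' . $taint);
die "expected tainted sample input\n" unless tainted($host) && tainted($port);

# Hypothetical helper: run CORE::connect inside eval{} (as the thread says
# old IO::Socket did) but report the trapped exception instead of dropping it.
sub try_connect {
    my ($h, $p) = @_;
    socket(my $sock, PF_INET, SOCK_STREAM, 0) or die "socket: $!\n";
    my $ok = eval { connect($sock, pack_sockaddr_in($p, inet_aton($h))) };
    my ($exception, $os_error) = ($@, "$!");
    close $sock;
    chomp $exception;
    return "exception trapped by eval: $exception" if $exception ne '';
    return $ok ? 'connected' : "connect failed: $os_error";
}

# Hypothetical validator: regex captures are untainted, so copy $1 only after
# an anchored match that accepts nothing but a dotted quad and a decimal port.
sub untaint_endpoint {
    my ($h, $p) = @_;
    return unless $h =~ /\A((?:\d{1,3}\.){3}\d{1,3})\z/;
    my $ip = $1;
    return if grep { $_ > 255 } split /\./, $ip;
    return unless $p =~ /\A(\d{1,5})\z/;
    my $num = $1;
    return if $num < 1 || $num > 65535;
    return ($ip, $num);
}

print "tainted:   ", try_connect($host, $port), "\n";
my ($ip, $num) = untaint_endpoint($host, $port)
    or die "endpoint rejected by validation\n";
print "untainted: ", try_connect($ip, $num), "\n";
```

The first line of output reports the taint exception that a bare eval{} would have discarded; the second reports an ordinary socket result (connected or an OS error such as a refused connection), depending on whether anything listens on the chosen port.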
 