Update comments for untaint.

author David Bremner <bremner@debian.org>

Thu, 10 Mar 2011 21:02:32 +0000 (16:02 -0500)

committer Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Thu, 10 Mar 2011 21:04:45 +0000 (16:04 -0500)
author David Bremner <bremner@debian.org>
Thu, 10 Mar 2011 21:02:32 +0000 (16:02 -0500)
committer Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Thu, 10 Mar 2011 21:04:45 +0000 (16:04 -0500)
diff --git a/Crypt/Monkeysphere/Keyserver.pm b/Crypt/Monkeysphere/Keyserver.pm

index 97998687492dad574c24be40f0af5f15edbc0b91..c53869aadb8973e824caa6309fb93639b8f269a7 100644 (file)
--- a/Crypt/Monkeysphere/Keyserver.pm
+++ b/Crypt/Monkeysphere/Keyserver.pm
@@ -37,6 +37,11 @@ sub _get_keyserver{
  
    if (!defined($gpghome)) {
      if (exists $ENV{GNUPGHOME} and $ENV{GNUPGHOME} ne '') {
+
+      # We might be running in taint mode, but we assume that is about
+      # data coming from the network, and that the local environment
+      # is generally trustworthy.
+
        $gpghome = untaint($ENV{GNUPGHOME});
      } else {
        my $userhome=File::HomeDir->my_home;
diff --git a/Crypt/Monkeysphere/Util.pm b/Crypt/Monkeysphere/Util.pm

index d4694d59cd58ed09ff1ac3775e4a40fc69759dd7..e4c73e0afa09e9eb10901dbf52d65c7fb3b0e85d 100644 (file)
--- a/Crypt/Monkeysphere/Util.pm
+++ b/Crypt/Monkeysphere/Util.pm
@@ -8,8 +8,7 @@ our @EXPORT_OK=qw(untaint);
  
  
  # use sparingly!  We want to keep taint mode around for the data we
-# get over the network.  this is only here because we want to treat
-# the command line arguments differently for the subprocess.
+# get over the network.
  sub untaint {
    my $x = shift;
    $x =~ /^(.*)$/ ;
author	David Bremner <bremner@debian.org>
	Thu, 10 Mar 2011 21:02:32 +0000 (16:02 -0500)
committer	Daniel Kahn Gillmor <dkg@fifthhorseman.net>
	Thu, 10 Mar 2011 21:04:45 +0000 (16:04 -0500)
Crypt/Monkeysphere/Keyserver.pm		patch \| blob \| history
Crypt/Monkeysphere/Util.pm		patch \| blob \| history