projects / monkeysphere-validation-agent.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 427cb25) | patch
untaint $uid.
authorJameson Rollins <jrollins@finestructure.net>
Sun, 2 May 2010 00:53:20 +0000 (20:53 -0400)
committerJameson Rollins <jrollins@finestructure.net>
Tue, 10 Aug 2010 13:58:59 +0000 (09:58 -0400)
commite0be50fa941e606da7a897248615a706637a48f3
tree62ef057a2bcf52ca966132acd3dc93c5cae9a77ctree | snapshot
parent427cb25da7ff5569daca02fb1646144f6d429103commit | diff
untaint $uid.

Found out that $uid is in fact tainted while trying to use it in a
system() call in another context.  We have untainted it here.

I think this actually means that perl's taint checking is broken,
because it fails to check for taint in the open() call to a
subprocesses.
msva-perl diff | blob | history
Monkeysphere public key validation daemon