No-taint support in Perl

Front page | perl.perl5.porters | Postings from October 2012

No-taint support in Perl

Thread Next

From:

Steffen Mueller

Date:

October 21, 2012 03:09

Subject:

No-taint support in Perl

Message ID:

5083C9B6.1080002@cpan.org

A short while ago, I posted about my branch that introduces a C define 
(really two: NO_TAINT_SUPPORT, SILENT_NO_TAINT_SUPPORT) that disables 
taint support either by making -t/-T fatal or by simply making them no-ops.

There's a small but measurable run-time performance improvement by 
avoiding the frequently repeated check of various globals to see whether 
-t/-T is in effect.

Both versions have some drawbacks in that the version that makes the use 
of -t/-T fatal will make many a CPAN module's tests fail because use of 
-t/-T is relatively common. The silent version will still make tests 
fail that explicitly test the tainting mechanism and can result in users 
of Perl mistakenly using -t/-T without the expected effect. For these 
reasons, the proposed defines are never to become the default Perl 
configuration but if included in a Perl release, should be documented as 
opt-in, expert-level options.

In reply to my original email, there were various suggestions as to what 
could be studied about the positive performance impact, but it appears 
that both I, the proposers of the research, and the many readers of the 
list don't have the time or inclination to do so.

Therefore, I propose inclusion of my changes in blead and adding 
Configure flags to enable them. Once that's done, I'll be glad to 
document all changes appropriately (INSTALL, perldelta, ...).

Ricardo, I think it's on you to make a call about this.

Best regards,
Steffen

Thread Next