1 comment

[ 5.0 ms ] story [ 12.5 ms ] thread
Question from the Internet: "Does your exploit also work in tainted mode?"

Netanel Rubin: "No".

This simple "No" demonstrates the fundamental deception inherent in Netanel's talk.

----

From the Perl security document[1]:

> This flag [taint mode] is strongly suggested for server programs and any program run on behalf of someone else, such as a CGI script.

----

So:

1. Any and all code, even in, say, Haskell, should typically take some protective measure to counter the attack potential inherent in reading in arbitrary unsafe user input.

2. Perl provides a nice, simple, effective tool for dealing with this -- the `-T` command line option that turns on taint mode.

3. Netanel knows about this feature and could easily have mentioned and suggested "Use Taint mode". But that would render his talk pointless...

[1] http://perldoc.perl.org/perlsec.html