-T

(idea) by avjewe (9.1 hr) Fri Apr 06 2001 at 16:14:11
One of the Perl file test operators, -T tells you if a file is a text file. A text file in this context means that when some of the file is read, it seems like text to Perl.
(thing) by fscker (2.1 y) Tue Jun 04 2002 at 4:54:34
Aside from being one of Perl's X-File tests, -T is also a command line switch for taint mode.

Here are two ways to turn on taint mode:
[user@host user]$ perl -T myscript.pl -- use the -T switch at command line execution
#!/usr/bin/perl -T -- add it to the first line of your script

While running in taint mode, Perl will check for tainted data. If it is found, you are likely to receive an error message:
Insecure $ENV{PATH} while running with -T switch at script line 4.

Data is said to be tainted if it is coming in from any external source such as an opened file, an $ENV variable or a command line argument. CGI programmers are encouraged to use taint mode in all of their CGI scripts as a security precaution. Any setuid scripts should also be taint checked.

To un-taint tainted data, you can use a simple regular expression such as the following:
if ($var =~ /^([\w.-]+)/) {   # from The Perl Cookbook
    $var = $1;                # only assign when the match succeeded; otherwise $1 is stale
}

The problem with using taint mode is that code like the above may be needed throughout your program. This means extra overhead. For this reason, it is generally not a good idea to use taint mode if it is not needed. That is, if your program is not a CGI, setuid, or setgid script.
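
The untainting pattern above, run under taint mode as an added example (not part of either writeup; the sub names, the sample strings and the /nonexistent path are constructed for illustration). It goes a little beyond the writeup by comparing the quoted pattern with a whole-string version, because the quoted one keeps only the leading run of allowed characters and drops the rest without complaint.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "run this with: perl -T $0\n" unless ${^TAINT};

# Taint mode refuses to run external commands until PATH is set explicitly.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# The pattern quoted in the writeup: anchored at the start only.
sub untaint_prefix {
    my ($value) = @_;
    if ($value =~ /^([\w.-]+)/) { return $1; }   # captures are untainted
    return;                                      # undef: nothing usable
}

# Whole-string variant (assumption: the value must be a bare file name).
sub untaint_filename {
    my ($value) = @_;
    if ($value =~ /\A([\w.-]+)\z/) {
        my $clean = $1;
        return $clean unless $clean =~ /\A\.+\z/;   # refuse "." and ".."
    }
    return;                                      # undef: rejected
}

# Constructed inputs; appending a zero-length tainted string taints each one.
my $taint   = substr("$0$^X", 0, 0);
my @samples = map { $_ . $taint }
    ('report-2001.txt', 'notes.txt; echo hi', '../secret', '..');

for my $raw (@samples) {
    my $prefix = untaint_prefix($raw);
    my $strict = untaint_filename($raw);
    printf "%-22s tainted=%d  prefix=%-18s strict=%s\n",
        "'$raw'", tainted($raw) ? 1 : 0,
        defined $prefix ? "'$prefix'" : 'rejected',
        defined $strict ? "'$strict'" : 'rejected';
}

# Taint mode itself stops tainted data from reaching a write-mode open.
my $ok = eval { open(my $fh, '>>', "/nonexistent/$samples[0]"); 1 };
print "open with tainted name: ", ($ok ? "allowed\n" : $@);
```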
