How to unable the use of tainted mode in a CGI script ? - Page 2

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

Re: How to unable the use of tainted mode in a CGI script ?

Azol wrote:

Quoted text here. Click to load it

If -T is causing it to fail, it's pretty just like having invalid syntax
that would cause the script to error rather than execute.  It can't
report an error in that way, if the script can't run.  So, you'd have
it fail and error in a way that wouldn't relate to showing errors via
CGI::Carp, I'm sorry to say.  That's not going to allow you to see
why/the error.  Ask them where the error logs are located.  Do you have
shell/ssh access?  Do you have any control panel or interface where you
can view logs, or download them via FTP, or anything?  Ultimately, you
should just get a better web host that understands the advantages to
allowing Taint (I honestly can't conceive of a reason why a host would
make an effort to NOT allow something that only helps their clients
create more secure scripts.  I'd worry about what else they've done (or
have not done) that affects stability, security and efficiency).
Tim Greer, CEO/Founder/CTO,, Inc.
Shared Hosting, Reseller Hosting, Dedicated & Semi-Dedicated servers
and Custom Hosting.  24/7 support, 30 day guarantee, secure servers.
Industry's most experienced staff! -- Web Hosting With Muscle!

Re: How to unable the use of tainted mode in a CGI script ?

Quoted text here. Click to load it

You're right : this hoster is really bad.

Here is their last reply when I ask them more details about tainted mode
forbidding and the location where is error.log

In French :

Nous vous informons que ce fichier n'est accessible qu'à l'utilisateur
root sur le serveur.
Concernant le mode tainted, il s'agit de raisons techniques que nous ne
pouvons pas détailler ici.

So, in English :

We inform you that this file (error.log) is only accessible for the rrot
About tainted mode, we can't tell you our technical reason (ie. it's
confidential and you're just a customer)


Re: How to unable the use of tainted mode in a CGI script ?

} I have to use a long perl script which use the "tainted mode" (-T
} option), but the hoster we use doesn't allow this option unless on
} dedicated server (and, of course, we can't pay a dedicated server).
} What I have to do to remove the tainted mode in the script ?

One possibility: could you finesse this problem by invoking Perl yourself,
directly?  I could see something like having a tiny bit of perl that read
from __END__ to the end of the file, stored it in /tmp, and then you could

  "exec perl -T <tmptfile>"

Ugly and klunky, but it might get you taint-mode back...


Bernie Cosell                     Fantasy Farm Fibers            Pearisburg, VA
    -->  Too many people, too few sheep  <--          

Site Timeline