Perl · leonerd · Apr 20, 2022 · Mar 16, 2022 · Mar 16, 2022 · Mar 16, 2022
diff --git a/Configure b/Configure
@@ -1333,6 +1333,7 @@ stdchar=''
 d_stdio_stream_array=''
 stdio_stream_array=''
 sysman=''
+taint_support=''
 sGMTIME_max=''
 sGMTIME_min=''
 sLOCALTIME_max=''
@@ -7305,6 +7306,40 @@ esac
 : confusing anyway.
 installstyle=$dflt
 
+: U/perl/taint_support.U - do we want taint support?
+case "$taint_support" in
+    $undef|false|[Nn]*)
+       dflt="n"
+       ;;
+    *)
+       dflt="y"
+       ;;
+esac
+cat >&4 <<EOM
+
+
+Perl can provide a set of special security checks, which are known
+as taint mode.  The most well-known of these is that data derived
+from outside your program should not be trusted ("is tainted")
+until you have checked it.
+
+These days there are many more security considerations, and as a result
+taint mode isn't widely used. But support for it adds a runtime overhead,
+whether or not you use it.  As a result, you can choose to build Perl
+without taint support.
+
+EOM
+rp='Do you want to build Perl with taint support?'
+. ./myread
+case "$ans" in
+$undef|false|n|N)    val="$undef"
+        ccflags="$ccflags -DSILENT_NO_TAINT_SUPPORT"
+        ;;
+*)      val="$define" ;;
+esac
+set taint_support
+eval $setvar
+
 : determine where public executables go
 echo " "
 set dflt bin bin
@@ -7330,7 +7365,13 @@ cat <<EOM
 Would you like to build Perl so that the installation is relocatable, so that
 library paths in @INC are determined relative to the path of the perl binary?
 This is not advised for system Perl installs, or if you need to run setid
-scripts or scripts under taint mode.
+EOM
+if test "X$taint_support" = "X$define"; then
+    echo "scripts or scripts under taint mode." >&4
+else
+    echo "scripts." >&4
+fi
+cat <<EOM
 
 If this doesn't make any sense to you, just accept the default '$dflt'.
 EOM
@@ -25571,6 +25612,7 @@ subversion='$subversion'
 sysman='$sysman'
 sysroot='$sysroot'
 tail='$tail'
+taint_support='$taint_support'
 tar='$tar'
 targetarch='$targetarch'
 targetdir='$targetdir'

diff --git a/Cross/config.sh-arm-linux b/Cross/config.sh-arm-linux
@@ -1100,6 +1100,7 @@ submit=''
 subversion='10'
 sysman='/usr/share/man/man1'
 tail=''
+taint_support='define'
 tar=''
 targetarch=''
 targetsh='/bin/sh'

diff --git a/Cross/config.sh-arm-linux-n770 b/Cross/config.sh-arm-linux-n770
@@ -1098,6 +1098,7 @@ submit=''
 subversion='10'
 sysman='/usr/share/man/man1'
 tail=''
+taint_support='define'
 tar=''
 targetarch=''
 targetsh='/bin/sh'

diff --git a/Porting/config.sh b/Porting/config.sh
@@ -1129,6 +1129,7 @@ subversion='10'
 sysman='/usr/share/man/man1'
 sysroot=''
 tail=''
+taint_support='define'
 tar=''
 targetarch=''
 targetdir=''

diff --git a/configure.com b/configure.com
@@ -7181,6 +7181,7 @@ $ WC "srandom_r_proto='0'"
 $ WC "strerror_r_proto='0'"
 $ WC "tmpnam_r_proto='0'"
 $ WC "ttyname_r_proto='" + ttyname_r_proto + "'"
+$ WC "taint_support='define'"
 $!
 $! ##END WRITE NEW CONSTANTS HERE##
 $!

diff --git a/lib/locale.t b/lib/locale.t
@@ -2,6 +2,7 @@
 
 use strict;
 use warnings;
+use Config;
 
 # This tests plain 'use locale' and adorned 'use locale ":not_characters"'
 # Because these pragmas are compile time, and I (khw) am trying to test
@@ -34,6 +35,9 @@ use warnings;
 my $is_ebcdic = ord("A") == 193;
 my $os = lc $^O;
 
+# Configure now lets you build a perl that silently ignores taint features
+my $NoTaintSupport = exists($Config{taint_support}) && !$Config{taint_support};
+
 no warnings 'locale';  # We test even weird locales; and do some scary things
                        # in ok locales
 
@@ -161,7 +165,12 @@ sub check_taint ($;$) {
 
     # Extra blanks are so aligns with taint_not output
     $message_tail = ":     $message_tail" if $message_tail;
-    ok is_tainted($_[0]), "verify that is tainted$message_tail";
+    if ($NoTaintSupport) {
+        skip("your perl was built without taint support");
+    }
+    else {
+        ok is_tainted($_[0]), "verify that is tainted$message_tail";
+    }
 }
 
 sub check_taint_not ($;$) {

diff --git a/lib/overload.t b/lib/overload.t
@@ -10,6 +10,29 @@ BEGIN {
     }
 }
 
+my $no_taint_support = exists($Config::Config{taint_support})
+                     && !$Config::Config{taint_support};
+
+my %skip_fetch_count_when_no_taint = (
+    '<${$ts}> RT57012_OV' => 1,
+    '<use integer; ${$ts}> RT57012_OV' => 1,
+    '<do {&{$ts} for 1,2}> RT57012_OV' => 1,
+    '<use integer; do {&{$ts} for 1,2}> RT57012_OV' => 1,
+    '<*RT57012B = *{$ts}; our $RT57012B> RT57012_OV' => 1,
+    '<use integer; *RT57012B = *{$ts}; our $RT57012B> RT57012_OV' => 1,
+);
+
+sub is_if_taint_supported {
+    my ($got, $expected, $name, @mess) = @_;
+    if ($expected && $no_taint_support) {
+        return skip("your perl was built without taint support");
+    }
+    else {
+        return is($got, $expected, $name, @mess);
+    }
+}
+
+
 package Oscalar;
 use overload ( 
 				# Anonymous subroutines:
@@ -1978,8 +2001,10 @@ foreach my $op (qw(<=> == != < <= > >=)) {
 	    my $plain_term = $int . sprintf $sub_term, '$plain';
 	    my $exp = do {no warnings 'experimental::smartmatch'; eval $plain_term };
 	    diag("eval of plain_term <$plain_term> gave <$@>") if $@;
-	    is(tainted($exp), $exp_taint,
-			"<$plain_term> taint of expected return");
+	    SKIP: {
+		is_if_taint_supported(tainted($exp), $exp_taint,
+		    "<$plain_term> taint of expected return");
+	    }
 
 	    for my $ov_pkg (qw(RT57012_OV RT57012_OV_FB)) {
 		next if $ov_pkg eq 'RT57012_OV_FB'
@@ -2010,8 +2035,10 @@ foreach my $op (qw(<=> == != < <= > >=)) {
 		    # ref rather than a copy, so stringify it to
 		    # find out if its tainted
 		    $res = "$res" if $res_term =~ /\+\+|--/;
-		    is(tainted($res), $exp_taint,
+		    SKIP: {
+			is_if_taint_supported(tainted($res), $exp_taint,
 			    "$desc taint of result return");
+		    }
 		    is($res, $exp, "$desc return value");
 		    my $fns =($ov_pkg eq 'RT57012_OV_FB')
 				? $exp_fb_funcs : $exp_funcs;
@@ -2024,7 +2051,14 @@ foreach my $op (qw(<=> == != < <= > >=)) {
 		    next if $var eq '$oload';
 		    my $exp_fetch = ($var eq '$ts') ?
 			    $exp_fetch_s : $exp_fetch_a;
-		    is($fetches, $exp_fetch, "$desc FETCH count");
+		    SKIP: {
+			if ($skip_fetch_count_when_no_taint{$desc} && $no_taint_support) {
+			    skip("your perl was built without taint support");
+			}
+			else {
+			    is($fetches, $exp_fetch, "$desc FETCH count");
+			}
+		    }
 		    is($stores, $exp_store, "$desc STORE count");
 
 		}

diff --git a/lib/perl5db.t b/lib/perl5db.t
@@ -685,6 +685,7 @@ sub _calc_trace_wrapper
 }
 
 # taint tests
+if (!exists($Config{taint_support}) || $Config{taint_support})
 {
     my $wrapper = _calc_trace_wrapper(
         {

diff --git a/metaconfig.h b/metaconfig.h
@@ -18,5 +18,6 @@
  * HAS_NL_LANGINFO_L
  * HAS_FFS
  * HAS_FFSL
+ * HAS_TAINT_SUPPORT
  *
  */
diff --git a/plan9/config_sh.sample b/plan9/config_sh.sample
@@ -1071,6 +1071,7 @@ submit=''
 subversion='10'
 sysman='/sys/man/1pub'
 tail=''
+taint_support='define'
 tar=''
 targetarch=''
 targetsh='/bin/sh'

diff --git a/pod/perldelta.pod b/pod/perldelta.pod
@@ -295,7 +295,22 @@ L</Platform Support> section, instead.
 
 =item *
 
-XXX
+A new question has been added to Configure, to ask if you want to build
+perl without taint support. If you say "no", then all taint features,
+such as the B<-T> and B<-t> switches, will silently do nothing.
+It defaults to "yes", so if you run Configure accepting all defaults,
+you'll get a perl which supports taint just like before.
+
+If you're used to running Configure in "batch mode", here's how you'd
+build Perl without taint support:
+
+ ./Configure -des -Utaint_support
+
+You can check the C<taint_support> key in the C<%Config> hash (in the
+B<Config> module) to determine whether your perl supports taint.
+If the key doesn't exist in the hash, then you're almost certainly
+running under an older perl which predates this change, and you can
+assume that taint is support. See L<perlsec> for more details.
 
 =back
 

diff --git a/pod/perlfunc.pod b/pod/perlfunc.pod
@@ -3851,7 +3851,7 @@ See L<perlfork> for more details.
 
 If there is no I<LIST> of processes, no signal is sent, and the return
 value is 0.  This form is sometimes used, however, because it causes
-tainting checks to be run.  But see
+tainting checks to be run, if your perl support taint checks.  But see
 L<perlsec/Laundering and Detecting Tainted Data>.
 
 Portability issues: L<perlport/kill>.

diff --git a/pod/perlipc.pod b/pod/perlipc.pod
@@ -1138,6 +1138,9 @@ even if we aren't running setuid or setgid.  This is always a good idea
 for servers or any program run on behalf of someone else (like CGI
 scripts), because it lessens the chances that people from the outside will
 be able to compromise your system.
+Note that perl can be built without taint support,
+in which case -T silently does nothing
+(see L<perlsec> for how to check if your perl support taint checking).
 
 Let's look at another TCP client.  This one connects to the TCP "time"
 service on a number of different machines and shows how far their clocks

diff --git a/pod/perllocale.pod b/pod/perllocale.pod
@@ -341,8 +341,9 @@ nested, and that what is in effect within an inner scope will revert to
 the outer scope's rules at the end of the inner scope.
 
 The string result of any operation that uses locale
-information is tainted, as it is possible for a locale to be
-untrustworthy.  See L</"SECURITY">.
+information is tainted (if your perl supports taint checking),
+as it is possible for a locale to be untrustworthy.
+See L</"SECURITY">.
 
 Starting in Perl v5.16 in a very limited way, and more generally in
 v5.22, you can restrict which category or categories are enabled by this
@@ -1154,9 +1155,14 @@ Perl cannot protect you from all possibilities shown in the
 examples--there is no substitute for your own vigilance--but, when
 C<use locale> is in effect, Perl uses the tainting mechanism (see
 L<perlsec>) to mark string results that become locale-dependent, and
-which may be untrustworthy in consequence.  Here is a summary of the
-tainting behavior of operators and functions that may be affected by
-the locale:
+which may be untrustworthy in consequence.
+
+Note that it is possible to compile Perl without taint support,
+in which case all taint features silently do nothing.
+See L<perlsec> for how to tell if your perl supports taint checking.
+
+Here is a summary of the tainting behavior of operators and functions
+that may be affected by the locale:
 
 =over 4
 

diff --git a/pod/perlmodstyle.pod b/pod/perlmodstyle.pod
@@ -428,6 +428,13 @@ run without generating any warnings.  Your module should also handle
 taint-checking where appropriate, though this can cause difficulties in
 many cases.
 
+Note though that Perl can be configured to not support taint checking,
+in which case all taint features silently do nothing.
+Your module, and its tests, should support this configuration.
+See L<perlsec> for how to detect whether you're running under
+a perl that doesn't support taint checking.
+
+
 =head2 Backwards compatibility
 
 Modules which are "stable" should not break backwards compatibility

diff --git a/pod/perlre.pod b/pod/perlre.pod
@@ -622,8 +622,8 @@ knowing if that character even exists in the locale, much less what code
 point it is.
 
 In a UTF-8 locale in v5.20 and later, the only visible difference
-between locale and non-locale in regular expressions should be tainting
-(see L<perlsec>).
+between locale and non-locale in regular expressions should be tainting,
+if your perl supports taint checking (see L<perlsec>).
 
 This modifier may be specified to be the default by C<use locale>, but
 see L</Which character set modifier is in effect?>.
@@ -1900,9 +1900,9 @@ stop user-supplied patterns containing code snippets from being
 executable.
 
 In situations where you need to enable this with C<use re 'eval'>, you should
-also have taint checking enabled.  Better yet, use the carefully
-constrained evaluation within a Safe compartment.  See L<perlsec> for
-details about both these mechanisms.
+also have taint checking enabled, if your perl supports it.
+Better yet, use the carefully constrained evaluation within a Safe compartment.
+See L<perlsec> for details about both these mechanisms.
 
 From the viewpoint of parsing, lexical variable scope and closures,
 

diff --git a/pod/perlretut.pod b/pod/perlretut.pod
@@ -2865,7 +2865,8 @@ pragmas are
     @parts = ($tainted =~ /(\w+)\s+(\w+)/; # @parts is now tainted
 
 The C<taint> pragma causes any substrings from a match with a tainted
-variable to be tainted as well.  This is not normally the case, as
+variable to be tainted as well, if your perl supports tainting
+(see L<perlsec>).  This is not normally the case, as
 regexps are often used to extract the safe bits from a tainted
 variable.  Use C<taint> when you are not extracting safe bits, but are
 performing some other processing.  Both C<taint> and C<eval> pragmas

diff --git a/pod/perlrun.pod b/pod/perlrun.pod
@@ -861,6 +861,9 @@ used I<only> as a temporary development aid while securing legacy code:
 for real production code and for new secure code written from scratch,
 always use the real L</-T>.
 
+This has no effect if your perl was built without taint support
+(see L<perlsec>).
+
 =item B<-T>
 X<-T>
 
@@ -874,6 +877,10 @@ seen by Perl quite early; usually this means it must appear early
 on the command line or in the C<#!> line for systems which support
 that construct.
 
+If your perl has been built without taint support, then this option
+has no effect. See L<perlsec> for how to check whether your perl
+supports taint checking.
+
 =item B<-u>
 X<-u>
-Original file line number
+Diff line change
@@ Expand Up / @@ -685,6 +685,7 @@ sub _calc_trace_wrapper @@
     }
     # taint tests
+    if (!exists($Config{taint_support}) || $Config{taint_support})
     {
         my $wrapper = _calc_trace_wrapper(
             {
@@ Expand Down @@