Script Security with Taint Checking

Say you wrote a Perl script that was intended to be run by someone you don't know and don't necessarily trust—for example, if you're administering a multiuser Unix machine, or if your script will be used for CGI. Because you don't know the person running that script, that person could theoretically have hostile intentions and attempt to use your script to gain unauthorized access to your system or damage it in some way.

So what can you do to prevent a malicious user from doing any damage through your script? Careful programming can help with that—checking to make sure input doesn't include any sneaky things before passing it to a system function call or backquotes, for example. But sometimes it's hard to keep track of what data might be insecure, or hard to remember to make those sorts of checks. That's where taint mode can come in handy.

Taint mode is enabled with the -T option to Perl. (It is also turned on automatically if the user or group ID of the script itself differs from the user or group ID of the person running it—for example, setuid scripts on Unix systems.) When taint mode is enabled, Perl marks all data that comes into your script from outside as "tainted": the environment, any command-line arguments, and anything read from a file handle (including standard input). If you try to use tainted data to affect anything outside your script—a file name opened for writing, a command passed to system or backquotes, and so on—Perl refuses the operation and exits with an "Insecure dependency" error. To actually use that data, your script has to extract the specific pieces it expects from the tainted value; only the extracted pieces are treated as clean, so data you didn't anticipate can't slip through.

In other words, taint mode doesn't add any security by itself: it doesn't make an unsafe operation safe, it just refuses to perform it until you have checked the data involved. What it does is force you to write your code with an eye for security. If your scripts might end up running in an insecure environment, taint mode can help you make sure they aren't glaring security holes for your system.
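The following script is an added example, not code from the original text, showing what taint mode looks like in practice: it takes a file name from the command line (which Perl marks as tainted), demonstrates that using the raw value to open a file for writing is refused, and then extracts a clean value with a regular expression capture, which is the only way to untaint data. The file is written into a private temporary directory created with the core File::Temp module; the accepted character set and the use of a temporary directory are choices made for this example.

```perl
#!/usr/bin/perl -T
# Run as:  perl -T taint_demo.pl report.txt
# (when -T is on the #! line, Perl insists it also be given on the
# command line, otherwise it dies with "Too late for -T").
use strict;
use warnings;
use Scalar::Util qw(tainted);
use File::Temp   qw(tempdir);

# Taint mode refuses to run external commands while $ENV{PATH} is
# tainted, so set an explicit, trusted PATH and drop the other
# environment variables perlsec lists as dangerous.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

die "usage: $0 filename\n" unless @ARGV;
my $raw = $ARGV[0];                # anything from @ARGV is tainted

# Untaint by extracting only the characters we are willing to accept.
# Capturing a regex match is what clears the taint flag; a bare
# s/// that strips "bad" characters does not (the result stays tainted).
# Requiring a leading alphanumeric rules out "." and "..", and no "/"
# is allowed, so the value cannot name a different directory.
sub untaint_filename {
    my ($name) = @_;
    if ($name =~ /^([A-Za-z0-9_][A-Za-z0-9_.-]*)$/) {
        return $1;                 # $1 is untainted
    }
    return;                        # reject anything else
}

# Private scratch directory, removed when the script exits.
my $dir = tempdir(CLEANUP => 1);

# Failure mode: opening a file for writing with a tainted name dies
# with "Insecure dependency in open"; eval catches it so we can show it.
eval { open my $bad, '>', "$dir/$raw" or die "open: $!"; close $bad; };
print "using the raw argument directly: ", ($@ ? "refused ($@)" : "allowed\n");

my $clean = untaint_filename($raw);
die "Refusing to use filename '$raw': unexpected characters\n"
    unless defined $clean;

printf "raw value is %s, extracted value is %s\n",
    tainted($raw)   ? 'tainted' : 'clean',
    tainted($clean) ? 'tainted' : 'clean';

# Now that the name has been laundered through the regex, the write is
# permitted; a value that failed the check never reaches this point.
open my $fh, '>', "$dir/$clean" or die "open $dir/$clean: $!";
print $fh "hello\n";
close $fh or die "close: $!";
print "wrote $dir/$clean\n";
```

Note that the regex is the security decision here: taint mode only forces you to make it explicit. A pattern like /(.*)/ would satisfy Perl just as well while accepting every possible input, so the pattern should describe exactly the values your script expects and nothing more.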

Find out more about taint mode and security in Perl in the perlsec man page. For more general issues of security and CGI, check out the WWW security FAQ at http://www.w3.org/Security/Faq/.

If you're particularly concerned about the security of your scripts in general, you might also want to check out Penguin, part of CPAN, which provides an environment that allows you to encrypt and digitally sign a piece of code and send it to some other site. At the destination site, Penguin decrypts and checks the trustworthiness of that code before executing it. Even then, Penguin executes the code within tightly controlled confines. You could consider Penguin similar to Java's mechanism for signing applets, and then running them inside a closed, secure “sandbox.” See CPAN for more details about Penguin.
