Definition: taint: A common vulnerability that hackers use to break into systems is the lack of proper input validation. The problem is that programmers expect users to enter "proper" input, but fail to check for the case of hostile users carefully crafting input designed to compromise the system. The problem with input validation is that the part of the system that receives the input does not know enough to validate it properly. On the other hand, it is not feasible for every single component in the system to validate input thoroughly. The concept of "taint" is to mark certain inputs as having been entered by the user. Only a thorough deconstruction/reconstruction of the data removes the taint. Some programming languages, like PERL, automate this tracking. Others, like C, require manual tracking.

Example: Version 4 of PERL has a special alternative interpreter called taintperl that tracks tainted input. Version 5 of PERL has the option "-T" that tracks taint.

See also: metacharacter
.................................
Source: Hacking-Lexicon / Linux Dictionary V 0.16
http://www.tldp.org/LDP/Linux-Dictionary/html/index.html
Author: Binh Nguyen linuxfilesystem(at)yahoo(dot)com(dot)au
.................................
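
Added example (not part of the Hacking-Lexicon entry): taint tracking under the Perl 5 "-T" option, showing that user-derived data is refused by system() until it has been matched against an allowlist pattern and rebuilt from the captured group. The sample inputs are constructed, and the sub name untaint_filename is hypothetical. Run it as "perl -T" followed by the script name.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Taint mode also refuses to launch programs with an inherited environment,
# so set a known PATH and drop the variables a shell would honour.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# $^X (path of the perl binary) comes from outside the program, so it is
# tainted. Appending a zero-length slice of it taints the constructed samples
# just as if they had been read from @ARGV or STDIN.
my $TAINT   = substr($^X, 0, 0);
my @samples = map { $_ . $TAINT } ('notes.txt', 'notes.txt;echo injected');

# Deconstruct/reconstruct: match the whole value against an allowlist and
# return only the captured group, which Perl treats as untainted.
sub untaint_filename {
    my ($raw) = @_;
    return $raw =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/ ? $1 : undef;
}

for my $raw (@samples) {
    printf "input %-26s tainted=%d\n", "'$raw'", tainted($raw) ? 1 : 0;

    # Passing the tainted value to system() dies before anything is executed.
    my $ran = eval { system('/bin/echo', $raw); 1 };
    (my $why = $@ // '') =~ s/\s+\z//;
    print '  raw value:    ', ($ran ? 'executed' : "blocked ($why)"), "\n";

    # Only a value that passed validation reaches the command.
    my $clean = untaint_filename($raw);
    if (defined $clean) {
        printf "  validated:    tainted=%d, running echo\n", tainted($clean) ? 1 : 0;
        system('/bin/echo', '  echo output:', $clean);
    }
    else {
        print "  validated:    rejected, contains characters outside the allowlist\n";
    }
}
```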

