Hi,

In message "Re: Taintedness inheritence"
    on 02/05/05, Sean Russell <ser / germane-software.com> writes:

|In fact, as far as I can tell, Strings are the only things where taintedness 
|is "inherited" to other objects derived from tainted objects.

I see.  I often call it "taint propagation".

|It isn't clear to me, from the behavior of Ruby or any other documentation, 
|what the Standard Operating Procedure regarding taintedness inheritance is.  
|What are the guidelines?  When deriving new objects from other objects, 
|should the taintedness be "inherited"?  If so, why do most objects not do 
|so?  If not, why do Strings do so?

Here's the policy:

  * String taintedness should be propagated eagerly.
  * Taintedness of other objects are propagated lazily.

This is because taintedness of strings are marks for external
(untrusted) data, whereas taintedness of other objects are to mark
they are created by untrusted code ($SAFE > 3).

							matz.