by headius 4904 days ago
Because tainting is an inherently flawed way to do security. Blacklisting capabilities/methods/data always leaves holes behind, and it's nearly impossible to secure a system using tainting alone. Even the Perl folks say it shouldn't be used as a security mechanism...it should be used to help thin out security issues during development and testing.

If you want to secure a system...whitelist, don't blacklist.

2 comments

If the runtime overhead is low, then shouldn't tainting be used in addition to other techniques? À la defense in depth?
You certainly can do that. You can also add more and more locks to your doors while leaving your windows open.
My understanding of the taint flag as implemented in Perl is that it is very much a whitelist. All user input is born tainted and must be verified clean before the flag is removed. It's possible to screw this up by verifying too much, but that's an overly-expansive whitelist problem, not a blacklist that isn't restrictive enough.
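
The behaviour described in the last comment, as an added example that is not part of the thread: under `perl -T`, a regex capture clears the taint flag, so a narrow pattern acts as an allowlist while a match-anything pattern clears the flag on every input. The sample inputs and the names `untaint_strict` and `untaint_sloppy` are constructed for illustration.

```perl
#!/usr/bin/perl -T
# Added illustration of Perl taint mode; run as: perl -T taint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "taint mode is off; run with perl -T\n" unless ${^TAINT};

# A zero-length string that still carries the taint flag, taken from the
# environment (all %ENV values are tainted under -T).
my $taint = substr(join('', values %ENV), 0, 0);
die "no tainted data available\n" unless tainted($taint);

# Constructed sample inputs standing in for user-supplied file names.
my @samples = ('report-2024.txt', '../../etc/passwd', 'notes.txt; id');

# Narrow allowlist (hypothetical helper): the capture only succeeds for
# names of the expected shape, and only then is the flag cleared.
sub untaint_strict {
    my ($in) = @_;
    return $in =~ /\A([A-Za-z0-9_-]+\.txt)\z/ ? $1 : undef;
}

# Overly expansive "validation" (hypothetical helper): matches anything,
# so every input comes back with the flag cleared.
sub untaint_sloppy {
    my ($in) = @_;
    return $in =~ /\A(.*)\z/s ? $1 : undef;
}

for my $sample (@samples) {
    my $raw    = $sample . $taint;    # now flagged like real user input
    my $strict = untaint_strict($raw);
    my $sloppy = untaint_sloppy($raw);
    printf "%-18s raw_tainted=%d strict=%s sloppy=%s\n",
        $sample,
        tainted($raw) ? 1 : 0,
        defined $strict ? 'accepted' : 'rejected',
        defined $sloppy && !tainted($sloppy) ? 'accepted' : 'rejected';
}
```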