
[patch pod/perlsec.pod] (was Re: why PERL5LIB is ignored when -T is in effect)

From: Stas Bekman
Date: November 28, 2003 14:38
Subject: [patch pod/perlsec.pod] (was Re: why PERL5LIB is ignored when -T is in effect)
Message ID: 3FC7CF51.7060804@stason.org

Here is the long overdue patch based on the thread from a month ago. Everybody
seemed to be happy with that addition.

--- pod/perlsec.pod.orig	2003-11-28 14:35:09.000000000 -0800
+++ pod/perlsec.pod	2003-11-28 14:40:48.000000000 -0800
@@ -195,6 +195,26 @@
  under such systems.  (This issue should arise only in Unix or
  Unix-like environments that support #! and setuid or setgid scripts.)

+=head2 Taint mode and @INC
+
+When the taint mode (C<-T>) is in effect, the "." directory is removed
+from C<@INC>, and the environment variables C<PERL5LIB> and C<PERLLIB>
+are ignored by Perl. You can still adjust C<@INC> from outside the
+program by using the C<-I> command line option as explained in the
+perlrun manpage. The two environment variables are ignored because
+they are obscured and a user running a program could be unaware that
+they are set, whereas the C<-I> option is clearly visible and
+therefore permitted.
+
+Another way to modify C<@INC> without modifying the program, is to use
+the C<lib> pragma, e.g.:
+
+  perl -Mlib=/foo program
+
+The benefit of using C<-Mlib=/foo> over C<-I/foo>, is that the former
+will automagically remove any duplicated directores, while the latter
+will not.
+
  =head2 Cleaning Up Your Path

  For "Insecure C<$ENV{PATH}>" messages, you need to set C<$ENV{'PATH'}> to a
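
Review bot: The last added paragraph misspells "directories" as "directores" ("remove any duplicated directores"); please fix before this goes in. In the first paragraph, "the perlrun manpage" would read better as a POD link, L<perlrun>, to match the C<> markup used around it. The rationale "they are obscured" is also unclear: the point the sentence goes on to make is that a user may not know the variables are set, so wording such as "not obvious" would say it more directly. The commas after "without modifying the program" and after "over C<-I/foo>" can be dropped.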

__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

