perl.perl5.porters | Postings from November 2003

[patch pod/perlsec.pod] (was Re: why PERL5LIB is ignored when -T is in effect)

Stas Bekman
November 28, 2003 14:38
Here is the long overdue patch based on the thread from a month ago. Everybody
seemed to be happy with that addition.

--- pod/perlsec.pod.orig	2003-11-28 14:35:09.000000000 -0800
+++ pod/perlsec.pod	2003-11-28 14:40:48.000000000 -0800
@@ -195,6 +195,26 @@
  under such systems.  (This issue should arise only in Unix or
  Unix-like environments that support #! and setuid or setgid scripts.)

+=head2 Taint mode and @INC
+When the taint mode (C<-T>) is in effect, the "." directory is removed
+from C<@INC>, and the environment variables C<PERL5LIB> and C<PERLLIB>
+are ignored by Perl. You can still adjust C<@INC> from outside the
+program by using the C<-I> command line option as explained in the
+perlrun manpage. The two environment variables are ignored because
+they are obscured and a user running a program could be unaware that
+they are set, whereas the C<-I> option is clearly visible and
+therefore permitted.
+Another way to modify C<@INC> without modifying the program, is to use
+the C<lib> pragma, e.g.:
+  perl -Mlib=/foo program
+The benefit of using C<-Mlib=/foo> over C<-I/foo>, is that the former
+will automagically remove any duplicated directores, while the latter
+will not.
  =head2 Cleaning Up Your Path

  For "Insecure C<$ENV{PATH}>" messages, you need to set C<$ENV{'PATH'}> to a
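Review bot: The rationale sentence in the first added paragraph ("The two environment variables are ignored because they are obscured") is hard to parse, and it is the security point of the whole section. Something like "because they are not obvious: a user running the program may be unaware that they are set" says it directly. In the same paragraph, "the perlrun manpage" would be better as a pod link, L<perlrun>, so it cross-references in rendered output. The example "perl -Mlib=/foo program" does not pass C<-T>, so it does not actually show the technique under taint mode; "perl -T -Mlib=/foo program" would match the section title. In the last paragraph "directores" should be "directories", and the comma after "without modifying the program" and the one after "over C<-I/foo>" can go. As shown here the "=head2" line and the indented command are not set off by blank lines; pod needs a blank line after the heading and around the verbatim paragraph, so please confirm they are present in the file.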

Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker     mod_perl Guide --->
