develooper Front page | perl.perl5.porters | Postings from August 2016

[perl #127810] Provide -Dfortify_inc Configure option to remove .from @INC

Thread Next
From:
Todd Rinaldo via RT
Date:
August 3, 2016 14:49
Subject:
[perl #127810] Provide -Dfortify_inc Configure option to remove .from @INC
Message ID:
rt-4.0.24-12337-1470235750-1501.127810-15-0@perl.org
On Tue Jul 26 14:31:23 2016, mst@shadowcat.co.uk wrote:
>
> 1) Apply a patch now that provides an option to remove '.' from @INC, but
>    with the option disabled by default

I'm up for this. It was the originally submitted patch actually.

> 2) Have some of us build perls with the option turned on and smoke ALL the
>    things to figure out just how much fun this isn't going to be (because
>    it's already clear that inc::latest, inc::Module::Install, t::lib and
>    various other things that get used a bunch are going to die horribly).

Possibly. Based on offline conversations, I think maybe we need to start a separate thread about how how the Perl repo needs something that smokes some experimental branch against ALL of CPAN and then reports it but maybe not to CPAN testers? I'll send an email shortly about it.
 
> 4) Then, N blead releases onwards, switch the default to 'enabled', and
>    see how many BBC reports we get in spite of our efforts in steps 2 and 3

Yep changing the default later would be minor. This backs the idea of using a Configure option that some were against. IMO we have all sorts of Configure options there to shoot yourself in the foot with. I don't see why this would be different.

So there is 1 unaddressed problem in your approach I think.
 
Perl does not build well without PERL_USE_UNSAFE_INC=1 set. I *THINK* this means I still have to modify EU::MM and Test::Harness to get perl to compile. I will experiment to see how minimal I can make that today. However, I suspect this will increase the size of my submission significantly. My original goal was to make the patch small since I didn't have much buy in but I think that's changed.

Todd

I will submit a re-based patch later today with my proposal based on ALL (one :) ) of the responses so far. 

Todd

---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=127810

Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About