develooper Front page | perl.perl5.porters | Postings from October 2016

[perl #127810] Provide -Dfortify_inc Configure option to remove .from @INC

Thread Previous | Thread Next
Todd Rinaldo via RT
October 22, 2016 22:50
[perl #127810] Provide -Dfortify_inc Configure option to remove .from @INC
Message ID:
On Sat Oct 22 08:24:33 2016, wrote:
> > Yes. The same goes for require since as best I can tell it's the same
> > underlying code. Is this a problem?
> I think it is.
> 'require' is meant to load modules, so the normal use case is walking
> @INC,
> so its behaviour is (relatively) expected here.
> 'do' is documented as "largely like: eval `cat`" and generally
> used
> as such - the fact that its support for files in the current working
> directory comes via .-in-@INC is, I think, an implementation detail.

You pulled cat  from the docs the next line explicitly says that
it does this based on searching @INC. In point of fact if  was
also in a library path, it would have the same surprising result of not
loading the local file.

> So having do() suddenly fail to DWIM for its most common and
> documented
> purpose is going to be intensely confusing, especially given its
> common
> use for e.g. relative loading of config files in Olde CGI Scripts.

I would argue the Olde CGI scripts using a shiny new perl they
explicitly built to not have . in @INC should also be surprised if
that works. Note: all they have to do is change the code to
'do "./ "' to get that intended result

> I'm not sure what, if anything, can be done to rescue that, but it
> seems
> like a much bigger POLS violation than the rest of the effects, and at
> least we should explicitly consider the impact and whether there's
> some way
> to ameliorate it.

The whole point of this change is that cwd should not be relevant
to a running program's loading logic. It is my belief that do honoring
@INC is consistent and correct.

Now, if all you are arguing for is that we update the docs I am for that,
but please let's do that in an alternate patch. This ticket is getting a
little long in the tooth.

via perlbug:  queue: perl5 status: open

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About