develooper Front page | perl.perl5.porters | Postings from October 2016

[perl #127810] Provide -Dfortify_inc Configure option to remove .from @INC

Thread Previous | Thread Next
From:
Todd Rinaldo via RT
Date:
October 22, 2016 22:50
Subject:
[perl #127810] Provide -Dfortify_inc Configure option to remove .from @INC
Message ID:
rt-4.0.24-11988-1477176627-788.127810-15-0@perl.org
On Sat Oct 22 08:24:33 2016, mst@shadowcat.co.uk wrote:
> > Yes. The same goes for require since as best I can tell it's the same
> > underlying code. Is this a problem?
> 
> I think it is.
> 
> 'require' is meant to load modules, so the normal use case is walking
> @INC,
> so its behaviour is (relatively) expected here.
> 
> 'do' is documented as "largely like: eval `cat stat.pl`" and generally
> used
> as such - the fact that its support for files in the current working
> directory comes via .-in-@INC is, I think, an implementation detail.

You pulled cat stat.pl  from the docs the next line explicitly says that
it does this based on searching @INC. In point of fact if stat.pl  was
also in a library path, it would have the same surprising result of not
loading the local file.

> 
> So having do() suddenly fail to DWIM for its most common and
> documented
> purpose is going to be intensely confusing, especially given its
> common
> use for e.g. relative loading of config files in Olde CGI Scripts.

I would argue the Olde CGI scripts using a shiny new perl they
explicitly built to not have . in @INC should also be surprised if
that works. Note: all they have to do is change the code to
'do "./stat.pl "' to get that intended result



> 
> I'm not sure what, if anything, can be done to rescue that, but it
> seems
> like a much bigger POLS violation than the rest of the effects, and at
> least we should explicitly consider the impact and whether there's
> some way
> to ameliorate it.

The whole point of this change is that cwd should not be relevant
to a running program's loading logic. It is my belief that do honoring
@INC is consistent and correct.

Now, if all you are arguing for is that we update the docs I am for that,
but please let's do that in an alternate patch. This ticket is getting a
little long in the tooth.



---
via perlbug:  queue: perl5 status: open
https://rt.perl.org/Ticket/Display.html?id=127810

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About