|
|
4dad76 |
From f73351928dfa1d1d564d3f7b8e63c5281ed835ee Mon Sep 17 00:00:00 2001
|
|
|
4dad76 |
From: Dave Cross <dave@dave.org.uk>
|
|
|
4dad76 |
Date: Tue, 22 Oct 2019 14:24:13 +0100
|
|
|
4dad76 |
Subject: [PATCH] Fix taint mode @INC documentation
|
|
|
4dad76 |
MIME-Version: 1.0
|
|
|
4dad76 |
Content-Type: text/plain; charset=UTF-8
|
|
|
4dad76 |
Content-Transfer-Encoding: 8bit
|
|
|
4dad76 |
|
|
|
4dad76 |
Explain that -T no longer removes '.' from @INC because, since
|
|
|
4dad76 |
5.26, '.' isn't in @INC to start with.
|
|
|
4dad76 |
|
|
|
4dad76 |
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
|
|
4dad76 |
---
|
|
|
4dad76 |
pod/perlsec.pod | 8 ++++++--
|
|
|
4dad76 |
1 file changed, 6 insertions(+), 2 deletions(-)
|
|
|
4dad76 |
|
|
|
4dad76 |
diff --git a/pod/perlsec.pod b/pod/perlsec.pod
|
|
|
4dad76 |
index b210445685..0682674143 100644
|
|
|
4dad76 |
--- a/pod/perlsec.pod
|
|
|
4dad76 |
+++ b/pod/perlsec.pod
|
|
|
4dad76 |
@@ -245,8 +245,8 @@ Unix-like environments that support #! and setuid or setgid scripts.)
|
|
|
4dad76 |
|
|
|
4dad76 |
=head2 Taint mode and @INC
|
|
|
4dad76 |
|
|
|
4dad76 |
-When the taint mode (C<-T>) is in effect, the "." directory is removed
|
|
|
4dad76 |
-from C<@INC>, and the environment variables C<PERL5LIB> and C<PERLLIB>
|
|
|
4dad76 |
+When the taint mode (C<-T>) is in effect, the environment variables
|
|
|
4dad76 |
+C<PERL5LIB> and C<PERLLIB>
|
|
|
4dad76 |
are ignored by Perl. You can still adjust C<@INC> from outside the
|
|
|
4dad76 |
program by using the C<-I> command line option as explained in
|
|
|
4dad76 |
L<perlrun>. The two environment variables are ignored because
|
|
|
4dad76 |
@@ -268,6 +268,10 @@ problem will be reported:
|
|
|
4dad76 |
|
|
|
4dad76 |
Insecure dependency in require while running with -T switch
|
|
|
4dad76 |
|
|
|
4dad76 |
+On versions of Perl before 5.26, activating taint mode will also remove
|
|
|
4dad76 |
+the current directory (".") from C<@INC>. Since version 5.26, the
|
|
|
4dad76 |
+current directory isn't included in C<@INC>.
|
|
|
4dad76 |
+
|
|
|
4dad76 |
=head2 Cleaning Up Your Path
|
|
|
4dad76 |
|
|
|
4dad76 |
For "Insecure C<$ENV{PATH}>" messages, you need to set C<$ENV{'PATH'}> to
|
|
|
4dad76 |
--
|
|
|
4dad76 |
2.21.0
|
|
|
4dad76 |
|