When the taint mode ("-T") is in effect, the "." directory is removed from @INC, and the environment variables "PERL5LIB" and "PERLLIB" are ignored by Perl since they are obscured.
You can still adjust @INC from outside the program by using the "-I" command line option. The "-I" switch is clearly visible and therefore permitted.
Another way to modify @INC without modifying the program, is to use the "lib" pragma at command line.
perl -Mlib=/my/module_dir script.pl
Note that if a tainted string is added to @INC, the following problem will be reported:
"Insecure dependency in require while running with -T switch"
You can still adjust @INC from outside the program by using the "-I" command line option. The "-I" switch is clearly visible and therefore permitted.
Another way to modify @INC without modifying the program, is to use the "lib" pragma at command line.
perl -Mlib=/my/module_dir script.pl
Note that if a tainted string is added to @INC, the following problem will be reported:
"Insecure dependency in require while running with -T switch"
No comments :
Post a Comment