> On Feb 14, 2017, at 11:03 AM, Heiko Schlittermann <h...@schlittermann.de> wrote:
>
> Todd Rinaldo via Exim-dev <exim-dev@exim.org> (Di 14 Feb 2017 17:46:52 CET):
> …
>> As the script maintainer, you're in a unique position to make a more
>> directed decision than p5p was able to make. Removing . from the end of @INC
>> was about getting rid of the tyrannical default. Ideally you would want to
>> remove ALL relative paths. If you want to go buck wild, I'd recommend
>> removing ALL relative paths from @INC.
>
> Agree. (As the -T mode does the same, so what is valid for '.' there is
> valid for all relative paths in @INC)

IMO taint mode is a little over the top. If you want to do it, it's fine but a lot of work.

>
>> BEGIN {
>>     @INC = grep { !/^[.]/ } @INC
>> }
>
> So better approach:
>
>     BEGIN {
>         @INC = grep { /^\// } @INC;
>     }

Not sure if this works on Windows :)

>
> But, that's basically the same as what taint mode does, isn't it?
> So, why not add -T to the #! line? This would give us @INC cleansing
> *and* additional taint checks.

As far as I know, -T does not remove support for relative paths. It just takes . off the end.

Todd
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
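
The two @INC filters discussed in this thread, side by side, as an added example that is not part of the original messages or of Exim's scripts. The sample paths are constructed, and the Windows pattern (drive letter or UNC prefix) is an assumption made here in response to the portability question above. Entries such as `lib` are relative without beginning with a dot, so only the absolute-only filter removes them.

```perl
#!/usr/bin/perl
# Runs first, before "use strict" or any other module is located via @INC.
my $is_absolute;
BEGIN {
    # Pure regex test, so no module has to be loaded to run it.
    # The Windows pattern (drive letter or UNC prefix) is an assumption
    # of this example.
    my $re = $^O eq 'MSWin32' ? qr{^(?:[A-Za-z]:[\\/]|[\\/]{2})} : qr{^/};

    # References in @INC are loader hooks, not directories: keep them.
    $is_absolute = sub { ref($_[0]) || $_[0] =~ $re };

    @INC = grep { $is_absolute->($_) } @INC;
}
use strict;
use warnings;

# Filter quoted in the thread: drops only entries that begin with a dot.
sub drop_dot_prefixed { return grep { ref($_) || !/^[.]/ } @_ }

# Filter applied to @INC above: keeps absolute directories only.
sub absolute_only { return grep { $is_absolute->($_) } @_ }

# Constructed sample search path (not taken from a real system).
my @sample = ('/usr/share/perl5', 'lib', 'local/lib/perl5',
              './blib/lib', '../shared', '.');

print "input:                @sample\n";
print "dot-prefixed dropped: @{[ drop_dot_prefixed(@sample) ]}\n";
print "absolute only:        @{[ absolute_only(@sample) ]}\n";
```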