On Mar 25, 2004, at 3:06 PM, David Nicol wrote:
Question: How many ways are there to modify the include-path and does tainting allow you to set the include-path with tainted data in any of them and if so can this be repaired?
Without taint checking, the current working directory and $ENV{PERL5LIB} are both put into @INC. Either of these is suspect.
When taint checking is on, neither is added. So I think the only directories in @INC that's not compiled into the perl binary will come from "-I" switches on the command line (or in the script shebang line).
In perl 5.8.1, -I doesn't seem to taint @INC:
% perl -MScalar::Util=tainted -I/foo/bar -T -le 'print tainted($_) for @INC'
0
0
0
0
0
0
0
0
0
Maybe it should?
-Ken
