Michael Schroeder wrote: > > here's a patch from SuSE's perl-5.8.5. It changes the putenv > handling in a way so that PERL_USE_SAFE_PUTENV is defined for > applications that embedded perl. It does this by adding a > global variable "Perl_use_safe_putenv" that defaults to 1 but > is cleared by perlmain. > > The reasoning is this: Perl applications know that they must > call perl's putenv, so it is safe to use it in this case. If > perl is just a module in another application (e.g. mod_perl), > this assumption no longer holds, so we have to switch to the > safe system putenv in that case.
Thanks, I've applied a modified version of this patch to bleadperl as change #23507. (Basically I added the new global in perlvars.h instead of providing multiple external declarations in the C files that use it.)
