RE: [PATCH pod/perlvar.pod] $^X

From: "Green, Paul" <Paul.Green@stratus.com>
Message-ID: <A2A34F15EE916148BC4C4748223E67A4027C25E4@EXNA4.stratus.com>

p4raw-id: //depot/perl@16892

diff --git a/pod/perlvar.pod b/pod/perlvar.pod
index 2e08f00..bf1d765 100644 (file)
--- a/pod/perlvar.pod
+++ b/pod/perlvar.pod
@@ -1150,21 +1150,51 @@ lexical scope.  See L<bytes>.
 
 =item $^X
 
-The name that the Perl binary itself was executed as, from C's
+The name used to execute the current copy of Perl, from C's
 C<argv[0]>.
 
-This may not be a full pathname, nor even necessarily in your path.
-Currently there is no universal solution for this; you may want to try:
+Depending on the host operating system, the value of $^X may be
+a relative or absolute pathname of the perl program file, or may
+be the string used to invoke perl but not the pathname of the
+perl program file.  Also, most operating systems permit invoking
+programs that are not in the PATH environment variable, so there
+is no guarantee that the value of $^X is in PATH.
 
-  use Config;
-  $current_perl_path = (-x $^X) ? $^X : $Config{perlpath};
+You usually can use the value of $^X to re-invoke an independent
+copy of the same perl that is currently running, e.g.,
+
+  @first_run = `$^X -le "print int rand 100 for 1..100"`;
+
+But recall that not all operating systems support forking or
+capturing of the output of commands, so this complex statement
+may not be portable.
 
-The security-conscious would write:
+It is not safe to use the value of $^X as a path name of a file,
+as some operating systems that have a mandatory suffix on
+executable files do not require use of the suffix when invoking
+a command.  To convert the value of $^X to a path name, use the
+following statements:
+
+# Build up a set of file names (not command names).
+  use Config;
+  use File::Spec;
+  $this_perl = File::Spec->canonpath($^X);
+  $this_perl .= $Config{exe_ext}
+          unless $this_perl =~ m/$Config{exe_ext}$/i;
+
+Because many operating systems permit anyone with read access to
+the Perl program file to make a copy of it, patch the copy, and
+then execute the copy, the security-conscious Perl programmer
+should take care to invoke the installed copy of perl, not the
+copy referenced by $^X.  The following statements accomplish
+this goal, and produce a pathname that can be invoked as a
+command or referenced as a file.
 
   use Config;
   use File::Spec;
-  $current_perl_path = (File::Spec->file_name_is_absolute($^X) && -x $^X)
-                     ? $^X : $Config{perlpath};
+  $secure_perl_path = File::Spec->canonpath($Config{perlpath});
+  $secure_perl_path .= $Config{exe_ext}
+          unless $secure_perl_path =~ m/$Config{exe_ext}$/i;
 
 =item ARGV