From: Stas Bekman Date: Fri, 28 Nov 2003 14:42:25 +0000 (-0800) Subject: [patch pod/perlsec.pod] (was Re: why PERL5LIB is ignored when -T is in effect) X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=588f721066bebf3e4bee6bfb212ff0dd4bd4dfa9;p=p5sagit%2Fp5-mst-13.2.git [patch pod/perlsec.pod] (was Re: why PERL5LIB is ignored when -T is in effect) Message-ID: <3FC7CF51.7060804@stason.org> p4raw-id: //depot/perl@21799 --- diff --git a/pod/perlsec.pod b/pod/perlsec.pod index 41f9669..8948902 100644 --- a/pod/perlsec.pod +++ b/pod/perlsec.pod @@ -195,6 +195,26 @@ line, so you may need to use something like C<-wU> instead of C<-w -U> under such systems. (This issue should arise only in Unix or Unix-like environments that support #! and setuid or setgid scripts.) +=head2 Taint mode and @INC + +When the taint mode (C<-T>) is in effect, the "." directory is removed +from C<@INC>, and the environment variables C and C +are ignored by Perl. You can still adjust C<@INC> from outside the +program by using the C<-I> command line option as explained in +L. The two environment variables are ignored because +they are obscured, and a user running a program could be unaware that +they are set, whereas the C<-I> option is clearly visible and +therefore permitted. + +Another way to modify C<@INC> without modifying the program, is to use +the C pragma, e.g.: + + perl -Mlib=/foo program + +The benefit of using C<-Mlib=/foo> over C<-I/foo>, is that the former +will automagically remove any duplicated directories, while the later +will not. + =head2 Cleaning Up Your Path For "Insecure C<$ENV{PATH}>" messages, you need to set C<$ENV{'PATH'}> to a