On 18 Dec 2007 00:05:01 +0100, Slaven Rezic <[EMAIL PROTECTED]> wrote:
> I see the many restrictions of $^X in this document, but it seems to
> me that using $^X just for calling the perl interpreter should be OK.
Just to be pedantic and because I'm curious, I looked into the issues with $^X.
I have several perls in my /home/david/bin directory that are symlinks
to the corresponding perl binary. E.g. perl555, perl562, perl588,
etc.
When invoked by the symlink, perl555 and perl562 have $^X as the
symlink name, not the actual binary name:
$ for f in perl555 perl562 perl588; do $f -e 'print "$^X\n"'; done
perl555
perl562
/home/david/perl/5.8.8/bin/perl
So, it's possible to construct a program running under taint, that
clears $ENV{PATH} (which has my bin directory) and then attempts to
execute $^X in system() in list form that will fail because "perl562"
isn't in the path. On perl588 that doesn't matter since $^X has the
full, absolute path anyway.
Probe::Perl is smart enough to work around those limitations:
$ perl562 -mProbe::Perl -Te 'undef $ENV{PATH}; print
Probe::Perl->find_perl_interpreter()'
/home/david/perl/5.6.2/bin/perl
So -- I would agree that it's hard to find a situation where $^X is a
problem, but not impossible. Whether that's worth using Probe::Perl
or not is up to individual authors.
David
