Taint mode is another business. 

It is the "paranoid" mode, where anything that comes from the outside
world, including the environment, is considered untrusted by default,
until you explicitly untaint it.

If I,
*) know (or guess) that your code calls SomeModule->doSomething(),
*) have a way to set up PERL5LIB,
*) have gained write access to some directory (say /tmp),

I could cause your script to do anything I want when it calls
SomeModule->doSomething().
One may say, those "if"s are unlikely to occur, but this is the
"paranoid" mode, where "unlikely" is not in the dictionary.

The strict behaviour of taint-mode forces the script to do a "use lib"
explicitly if it wants to "use" modules from some non-standard
directory.

Cheers,

Ayhan
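An added illustration of the behaviour described above (this script is not from the thread or from either poster): under -T, perl does not add PERL5LIB entries to @INC, so a taint-mode script has to name its private module directory itself with "use lib". The directory /opt/myapp/lib is a hypothetical, administrator-controlled path; the script also refuses to start if that directory is missing, group/world-writable, or not owned by root or the running user, which is the write-access scenario the message warns about.

```perl
#!/usr/bin/perl -T
# Added example: explicit, checked "use lib" for a taint-mode script.
use strict;
use warnings;

# Hypothetical site-specific module directory (assumption, not a real path).
use constant LIBDIR => '/opt/myapp/lib';

# Returns 1 when $dir exists, is not writable by group or others, and is
# owned by root or by the real uid running this script; otherwise 0.
sub dir_is_private {
    my ($dir) = @_;
    return 0 unless -d $dir;
    my ($mode, $uid) = (stat $dir)[2, 4];
    $mode &= 07777;
    return 0 if $mode & 022;                    # group or world write bit set
    return 0 unless $uid == 0 || $uid == $<;    # owned by root or by us
    return 1;
}

BEGIN {
    # PERL5LIB is ignored under -T, so the directory must be added here,
    # at compile time, before any "use SomeModule" below is resolved.
    die "refusing to trust " . LIBDIR
      . ": missing, group/world-writable, or owned by someone else\n"
      unless dir_is_private(LIBDIR);
    require lib;
    lib->import(LIBDIR);
}

# Show what @INC actually contains. Even when PERL5LIB is set in the
# environment, none of its entries appear here while -T is in effect.
print "PERL5LIB is set to: ",
    (defined $ENV{PERL5LIB} ? $ENV{PERL5LIB} : '(unset)'), "\n";
print "\@INC is:\n";
print "  $_\n" for @INC;
```

Running it as `PERL5LIB=/tmp/untrusted perl -T script.pl` prints the PERL5LIB value but lists only the built-in paths plus /opt/myapp/lib in @INC; running without -T would show /tmp/untrusted at the front of @INC, which is exactly why taint mode drops it.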


-----Original Message-----
From: Geoffrey Young [mailto:[EMAIL PROTECTED]
Sent: Friday 17 October 2003 01:56
To: Stas Bekman
Cc: [EMAIL PROTECTED]
Subject: Re: [PATCH] add PERL5LIB to @INC in the correct order


> OK, I'm convinced on this one. We should add a new entry to
> porting/compat.pod then, including your summary above. Should I do
> that, or will you handle that.

I'll put it on my ToDo.

>
> I still want to know why PERL5LIB is ignored by perl, I will ask p5p
> as perlsec.pod doesn't say anything about it.

yeah, me too.

--Geoff


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
