Todd Rinaldo via Exim-dev <[email protected]> (Tue 14 Feb 2017 17:46:52 CET):
…
> As the script maintainer, you're in a unique position to make a more directed
> decision that p5p was able to make. Removing . from the end of @INC was about
> getting rid of the tyrannical default. Ideally you would want to remove ALL
> relative paths. If you want to go buck wild, I'd recommend removing ALL
> relative paths from @INC.

Agree. (As the -T mode does the same, so what is valid for '.' there is
valid for all relative paths in @INC)

> BEGIN {
> @INC = grep { !/^[.]/ } @INC
> }
So better approach:
BEGIN {
    # keep only absolute paths, i.e. drop every relative entry
    @INC = grep { /^\// } @INC;
}

But, that's basically the same as what taint mode does, isn't it?
So, why not add -T to the #! line? This would give us @INC cleansing
*and* additional taint checks.
--
Heiko
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
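
An added example, not part of the original thread and not Exim's own code: it runs the leading-dot filter quoted in the message and a keep-only-absolute filter over a constructed sample list, and shows the BEGIN block placed before any `use`. The sample entries, the helper names and the assumption of Unix-style paths (absolute means a leading `/`) are this example's own.

```perl
#!/usr/bin/perl
# The BEGIN block comes before any "use", so that not even strict/warnings
# are loaded through the unfiltered search path.
BEGIN {
    # Keep @INC hooks (references) and absolute directories only.
    # Assumption: Unix-style paths, where absolute means a leading "/".
    @INC = grep { ref($_) || m{^/} } @INC;
}
use strict;
use warnings;

# Constructed sample search path (not taken from any real system).
my @sample = (
    '/usr/share/perl5',    # absolute
    '.',                   # current directory
    './lib',               # relative, leading dot
    '../shared/perl',      # relative, leading dot
    'lib',                 # relative, no leading dot
    'local/lib/perl5',     # relative, no leading dot
    sub { return },        # @INC hook (code reference), not a path
);

# Hypothetical helper: the leading-dot filter from the quoted message.
sub no_leading_dot { return grep { !/^[.]/ } @_ }

# Hypothetical helper: keep hooks and absolute paths, drop every relative entry.
sub absolute_only { return grep { ref($_) || m{^/} } @_ }

sub show {
    my ($label, @list) = @_;
    print "$label\n";
    print "  ", (ref($_) ? '<hook>' : $_), "\n" for @list;
}

# 'lib' and 'local/lib/perl5' survive the first filter but not the second.
show('leading-dot filter keeps:',   no_leading_dot(@sample));
show('absolute-only filter keeps:', absolute_only(@sample));
```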
