> On Feb 14, 2017, at 11:03 AM, Heiko Schlittermann <[email protected]> wrote:
>
> Todd Rinaldo via Exim-dev <[email protected]> (Di 14 Feb 2017 17:46:52 CET):
> …
>> As the script maintainer, you're in a unique position to make a more
>> directed decision than p5p was able to make. Removing . from the end of @INC
>> was about getting rid of the tyrannical default. Ideally you would want to
>> remove ALL relative paths. If you want to go buck wild, I'd recommend
>> removing ALL relative paths from @INC.
>
> Agree. (As the -T mode does the same, so what is valid for '.' there is
> valid for all relative paths in @INC)

IMO taint mode is a little over the top. If you want to do it, it's fine but a
lot of work.
>
>> BEGIN {
>> @INC = grep { !/^[.]/ } @INC
>> }
>
> So better approach:
>
> BEGIN {
> @INC = grep { /^\// } @INC;
> }
Not sure if this works on Windows :)
>
> But, that's basically the same as what taint mode does, isn't it?
> So, why not add -T to the #! line? This would give us @INC cleansing
> *and* additional taint checks.
As far as I know, -T does not remove support for relative paths. It just takes
. off the end.
Todd
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
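
A portable form of the @INC filter discussed in this thread, as an added example that is not code from the thread or from Exim: it uses the core File::Spec modules instead of a hand-written regex, so Windows drive-letter paths count as absolute and a relative entry without a leading dot (such as `lib`) is dropped too. The sample directory lists are constructed, and the helper name `absolute_only` is hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# In a real script the filter runs at compile time, before other modules load.
# Note: File::Spec itself is still located through the unfiltered @INC.
BEGIN {
    require File::Spec;
    # Non-string entries (code refs, objects) are @INC hooks, not paths: keep them.
    @INC = grep { ref($_) || File::Spec->file_name_is_absolute($_) } @INC;
}

use File::Spec::Unix;
use File::Spec::Win32;

# Hypothetical helper: apply the same rule with an explicit platform class,
# so both behaviours can be shown on any machine.
sub absolute_only {
    my ($spec, @dirs) = @_;
    return grep { ref($_) || $spec->file_name_is_absolute($_) } @dirs;
}

# Constructed sample entries, not taken from a real installation.
my @unix_sample = ('/usr/lib/perl5', '.', './lib', 'lib', '../blib', '/opt/exim/lib');
my @win_sample  = ('C:\\Perl\\lib', '.', 'lib', '..\\blib', 'C:/Perl/site/lib');

# Unix rule: only entries starting with "/" survive.
print "unix: $_\n" for absolute_only('File::Spec::Unix', @unix_sample);

# Win32 rule: drive-letter paths survive with either slash style.
print "win:  $_\n" for absolute_only('File::Spec::Win32', @win_sample);

# For comparison, a filter on a leading dot alone keeps the relative 'lib'.
print "dot-only keeps: $_\n" for grep { !/^[.]/ } @unix_sample;
```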
