Which reminds me... I've been using the #!/usr/bin/env
perl shebang for easier distribution, but env doesn't
like switches. Is there a way to set taint mode via
`use` or the like (à la use warnings; for -w)? I can't
seem to locate anything in the manuals other than the
-T flag.

Correct me if I'm wrong, but the primary reason for using

#!/usr/bin/env perl

is to avoid hardcoding the path to perl. The #! requires an absolute path, and so if you use #!/usr/bin/perl, you won't work if the customer is using /usr/local/bin/perl.

On the other hand, Taint mode's purpose is to ensure that your program cannot do anything nefarious due to user input.

In this case, the user's PATH environment variable would control which perl you executed, thus rendering all actions suspect. Generally the first thing a Taint mode program would do is clear the PATH environment variable to '/bin:/sbin' or the like.

Thus any attempt to use both "/usr/bin/env perl" and taint mode is fraught with danger.

Regardless, the only place you can use the -T switch is on the command line, unless the script is executed directly, in which case the #! line must be an absolute path to perl.

I have some vague memories of some sort of hack to do something along the lines of:

#!/bin/sh
perl -T $0 (or whatever the variable is for this script path).

with some magic to hide the perl command from the perl interpreter. But my memory is insufficient to the task, and this would still leave you susceptible to the user's PATH, which you may want to support but which is quite dangerous to combine with Taint mode.

Enjoy,
   Peter.
--
I was away from Feb 12 - Feb 19, sorry for any email delays.
<http://www.stairways.com/>  <http://download.stairways.com/>
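
The arrangement the reply above recommends, as an added example that is not part of the original message: an absolute #! line carrying -T, a guard in case that line is later rewritten, and PATH reset before anything is executed. The /usr/bin/perl location, the `untaint_name` helper and the `ls` call are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example, not from the original thread. Assumes perl is installed
# at /usr/bin/perl; fix the absolute path at install time, not via env.
use strict;
use warnings;

# ${^TAINT} is 1 under -T, -1 under -t (warnings only) and 0 otherwise.
# The guard catches a #! line rewritten to the env form, which would
# otherwise drop -T without any error.
BEGIN {
    die "$0: refusing to run without taint mode (-T)\n"
        unless ${^TAINT} == 1;
}

# Replace the inherited search path with fixed system directories and
# drop the variables that alter how a child shell behaves (see perlsec).
$ENV{PATH} = '/bin:/sbin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Hypothetical helper: data is untainted only by capturing it from a
# pattern match, so the pattern is the allow-list.
sub untaint_name {
    my ($value) = @_;
    return undef unless defined $value;
    return $value =~ /\A([A-Za-z0-9_.-]{1,64})\z/ ? $1 : undef;
}

my $name = untaint_name($ARGV[0]);
die "usage: $0 NAME\n" unless defined $name;

# List-form system() with an absolute program path: no shell is started
# and PATH is never searched. '--' stops a leading '-' from being read
# as an option.
system('/bin/ls', '-l', '--', $name) == 0
    or die "$0: ls failed (status $?)\n";
```

Invoking the file as `perl script.pl` makes perl refuse to start because -T appears only on the #! line, which matches the restriction described in the reply.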
