Todd Rinaldo via Exim-dev <exim-dev@???> (Tue 14 Feb 2017 17:46:52 CET):
…
> As the script maintainer, you're in a unique position to make a more directed decision than p5p was able to make. Removing . from the end of @INC was about getting rid of the tyrannical default. Ideally you would want to remove ALL relative paths. If you want to go buck wild, I'd recommend removing ALL relative paths from @INC.
Agree. (The -T mode does the same, so what is valid for '.' there is
valid for all relative paths in @INC.)
> BEGIN {
> @INC = grep { !/^[.]/ } @INC
> }
So a better approach:
BEGIN {
    # Keep only absolute paths, i.e. drop every relative entry from @INC.
    @INC = grep { /^\// } @INC;
}
But, that's basically the same as what taint mode does, isn't it?
So, why not add -T to the #! line? This would give us @INC cleansing
*and* additional taint checks.
--
Heiko
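
An added example, not part of the original message or of Exim's scripts: a filter that keeps only absolute @INC entries, run over a constructed sample list and compared with the dot-prefix filter quoted above. The helper name split_inc and the sample paths are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;

# Hypothetical helper (not from the thread): split an @INC-style list into
# entries to keep (absolute paths, hooks) and entries to drop (relative paths).
sub split_inc {
    my (@keep, @drop);
    for my $entry (@_) {
        if (ref $entry) {
            # @INC may contain hooks (code refs, objects); these are not paths.
            push @keep, $entry;
        }
        elsif (defined $entry && File::Spec->file_name_is_absolute($entry)) {
            push @keep, $entry;
        }
        else {
            # '.', './t', '../lib', 'lib' and the empty string all land here.
            push @drop, $entry;
        }
    }
    return (\@keep, \@drop);
}

# How a script would apply it to its own @INC. File::Spec is already loaded
# at this point, so the filter cannot lock out its own dependency.
BEGIN {
    my ($keep) = split_inc(@INC);
    @INC = @$keep;
}

# Constructed sample list, not taken from any real installation.
my @sample = ('/usr/lib/perl5', '/usr/share/perl5', 'lib', '../lib', './t', '.', '');

my ($keep, $drop) = split_inc(@sample);
print "absolute-only keeps: ", join(', ', map { "'$_'" } @$keep), "\n";
print "absolute-only drops: ", join(', ', map { "'$_'" } @$drop), "\n";

# The dot-prefix filter from the quoted text, on the same sample: entries
# such as 'lib' and '' do not start with '.' and therefore stay in the list.
my @dot_filtered = grep { !/^[.]/ } @sample;
print "dot-prefix keeps:    ", join(', ', map { "'$_'" } @dot_filtered), "\n";
```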