> On Feb 14, 2017, at 11:03 AM, Heiko Schlittermann <hs@???> wrote:
>
> Todd Rinaldo via Exim-dev <exim-dev@???> (Di 14 Feb 2017 17:46:52 CET):
> …
>> As the script maintainer, you're in a unique position to make a more directed decision than p5p was able to make. Removing . from the end of @INC was about getting rid of the tyrannical default. Ideally you would want to remove ALL relative paths. If you want to go buck wild, I'd recommend removing ALL relative paths from @INC.
>
> Agree. (As the -T mode does the same, so what is valid for '.' there is
> valid for all relative paths in @INC)
IMO taint mode is a little over the top. If you want to do it, it's fine but a lot of work.
>
>> BEGIN {
>> @INC = grep { !/^[.]/ } @INC
>> }
>
> So better approach:
>
> BEGIN {
> # keep only absolute entries, dropping every relative path
> @INC = grep { /^\// } @INC;
> }
Not sure if this works on Windows :)
>
> But, that's basically the same as what taint mode does, isn't it?
> So, why not add -T to the #! line? This would give us @INC cleansing
> *and* additional taint checks.
As far as I know, -T does not remove support for relative paths. It just takes . off the end.
Todd
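
A portable form of the @INC filter discussed in this thread, added here as an example and not code from either poster or from Exim: it keeps only absolute entries by asking the core File::Spec module, so the check does not depend on a leading `/`. The function name absolute_inc_only and the sample path list are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# File::Spec is a core module; it is loaded at compile time,
# before @INC is filtered below.
use File::Spec ();

# Hypothetical helper: return the entries of a module search path that
# are safe to keep, in their original order.
#   - references (code-ref or object hooks in @INC) are not paths: keep
#   - strings are kept only if the platform considers them absolute
sub absolute_inc_only {
    my @kept;
    for my $entry (@_) {
        if (ref $entry) {
            push @kept, $entry;
        }
        elsif (defined $entry
            && length $entry
            && File::Spec->file_name_is_absolute($entry))
        {
            push @kept, $entry;
        }
        # everything else ('.', 'lib', '../lib', '') is dropped
    }
    return @kept;
}

# Filter the real search path as early as possible. The sub above is
# already compiled when this BEGIN block runs.
BEGIN { @INC = absolute_inc_only(@INC); }

# Constructed sample search path, for illustration only.
my @sample = ('/usr/share/perl5', '.', 'lib', '../lib', './local',
              sub { return });

for my $entry (absolute_inc_only(@sample)) {
    print ref $entry ? "<hook>\n" : "$entry\n";
}
```

Any `use lib` or `-I` directory the script really needs must be given as an absolute path, since relative ones are removed by the filter.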