New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
outdated sentence in perlsec #16571
Comments
From lortav72@gmail.comThis is a bug report for perl from lortav72@gmail.com, In perlsec, the 'Taint mode and @INC' paragraph begins with the sentence: Possible better sentence can be: For perl version prior of 5.26 hen the taint mode (-T ) is in effect, the thanks for reading lortav72@gmail.com--- Site configuration information for perl 5.14.2: Configured by 1 at Tue Nov 22 18:26:53 2011. Summary of my perl5 (revision 5 version 14 subversion 2) configuration: Platform: Locally applied patches: @INC for perl 5.14.2: Environment for perl 5.14.2: PATH=C:\ulisse\strawberry\perl\site\bin;C:\ulisse\strawberry\perl\bin;C:\ulisse\strawberry\c\bin;C:\ulisse\bin\UnxUt |
From @tonycozOn Mon, 28 May 2018 13:41:43 -0700, lortav72@gmail.com wrote:
Something like the attached, maybe. Tony |
From @tonycoz0001-perl-133230-.-is-no-longer-in-INC-by-default.patchFrom fd1d01e82034d5a4e1bde1a7db296bb10c1ac479 Mon Sep 17 00:00:00 2001
From: Tony Cook <tony@develop-help.com>
Date: Thu, 31 May 2018 11:52:45 +1000
Subject: (perl #133230) . is no longer in @INC by default
---
pod/perlmodlib.PL | 3 ++-
pod/perlsec.pod | 6 +++---
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/pod/perlmodlib.PL b/pod/perlmodlib.PL
index b92f9ca151..0af82929e5 100644
--- a/pod/perlmodlib.PL
+++ b/pod/perlmodlib.PL
@@ -186,7 +186,8 @@ double quotes should be used instead of single quotes).
'find { wanted => sub { print canonpath $_ if /\.pm\z/ },
no_chdir => 1 }, @INC'
-(The -T is here to prevent '.' from being listed in @INC.)
+(The -T is here to prevent @INC from being populated by C<PERL5LIB>,
+C<PERL5LIB> and C<PERL_USE_UNSAFE_INC>.)
They should all have their own documentation installed and accessible
via your system man(1) command. If you do not have a B<find>
program, you can use the Perl B<find2perl> program instead, which
diff --git a/pod/perlsec.pod b/pod/perlsec.pod
index b210445685..9bc40f216b 100644
--- a/pod/perlsec.pod
+++ b/pod/perlsec.pod
@@ -245,11 +245,11 @@ Unix-like environments that support #! and setuid or setgid scripts.)
=head2 Taint mode and @INC
-When the taint mode (C<-T>) is in effect, the "." directory is removed
-from C<@INC>, and the environment variables C<PERL5LIB> and C<PERLLIB>
+When the taint mode (C<-T>) is in effect, the environment variables
+C<PERL5LIB>, C<PERLLIB> and C<PERL_USE_UNSAFE_INC>
are ignored by Perl. You can still adjust C<@INC> from outside the
program by using the C<-I> command line option as explained in
-L<perlrun>. The two environment variables are ignored because
+L<perlrun>. The three environment variables are ignored because
they are obscured, and a user running a program could be unaware that
they are set, whereas the C<-I> option is clearly visible and
therefore permitted.
--
2.11.0
|
The RT System itself - Status changed from 'new' to 'open' |
From @hvdsOn Wed, 30 May 2018 18:53:40 -0700, tonyc wrote:
s/PERL5LIB/PERLLIB/ the second time, I assume. |
Migrated from rt.perl.org#133230 (status was 'open')
Searchable as RT133230$
The text was updated successfully, but these errors were encountered: