in reply to Re: Re: Re: Re: Locking PERL code another way
in thread Locking PERL code another way
This is also the mechanism that AutoLoader type modules use.
So you need to make sure that the files that are being required cannot be changed to include trojan horses. One way of doing that is with tripwire.
Then there is also the possibility of programs changing @INC and/or @ISA of a module. That would also offer ways of introducing executable code.
So basically, I think that if all of your explicit string evals are covered, and you are sure that the modules that you use do not contain backdoors that would allow a string eval, and you're monitoring the files with tripwire, then maybe your idea makes sense as the final check on everything else. With a high chance of false positives, as Perl does its rearranging and changing of optrees with runtime requires anyway.
I don't think it is worth the trouble given all the other security features that Perl has. But please don't take my word for it, as I am not a security professional, just someone with some experience.
Liz
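A defender-side check for the two risks Liz raises, trojaned module files and a modified @INC, as an added example that is not part of the original thread: it refuses to run when any @INC directory is relative or group/world-writable, and compares every file Perl has actually loaded (recorded in %INC) against a tripwire-style SHA-256 manifest. The manifest entries here are constructed placeholders; in practice they are recorded at deployment time.

```perl
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);
use File::Spec;
# Constructed manifest: module path (as it appears as a %INC key) => expected
# SHA-256 of the file, recorded at deployment. Values below are placeholders.
my %MANIFEST = (
    'Digest/SHA.pm' => 'PLACEHOLDER_SHA256_RECORDED_AT_DEPLOY',
);
# Relative @INC entries resolve against the cwd, so a module could be supplied
# from wherever the program is started; writable directories allow replacement.
sub check_inc {
    my @problems;
    for my $dir (@INC) {
        next if ref $dir;   # code refs / objects in @INC need their own policy
        push @problems, "relative \@INC entry: $dir"
            unless File::Spec->file_name_is_absolute($dir);
        if (-d $dir) {
            my $mode = (stat $dir)[2] & 07777;
            push @problems, sprintf("group/world-writable \@INC entry %s (%04o)", $dir, $mode)
                if $mode & 022;
        }
    }
    return @problems;
}
# %INC maps each loaded module to the file it came from; anything not in the
# manifest, unreadable, or with a different hash is reported.
sub check_loaded_modules {
    my @problems;
    for my $mod (sort keys %INC) {
        my $path = $INC{$mod};
        next unless defined $path && !ref $path;   # failed or hooked requires
        my $expected = $MANIFEST{$mod};
        if (!defined $expected) { push @problems, "module not in manifest: $mod ($path)"; next }
        open my $fh, '<:raw', $path or do { push @problems, "cannot read $path: $!"; next };
        my $actual = sha256_hex(do { local $/; <$fh> });
        push @problems, "hash mismatch for $mod ($path)" if $actual ne $expected;
    }
    return @problems;
}
my @problems = (check_inc(), check_loaded_modules());
if (@problems) {
    print STDERR "integrity check failed:\n", map("  $_\n", @problems);
    exit 1;
}
print "integrity check passed\n";
```

Run it at startup after the program's own `use` lines so that %INC already lists every module the program depends on; as the post notes, modules loaded later by a runtime require will not have been checked at that point.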