Re: use lib './' security safe?

on most systems I've seen, "." is included in @INC
I checked the following :

Each of these have current dir included in @INC

unshift(@INC, "./");
[download]

perldoc lib
I don't know of any security issues that would cause

Comment on Re: use lib './' security safe? Download Code

Replies are listed 'Best First'.
Re^2: use lib './' security safe? by hbo (Monk) on Jul 20, 2004 at 04:06 UTC
`unshift` would be bad. That puts "./" at the start of the search list, which means standard module names could be overridden by placing bogus ones in the CWD. `push @INC,"./";` [download] Better, but it isn't going to affect `use` statements, since those are evaluated at compile time. So, `use lib "./";` [download] is even better. But best is: `use lib /some/absolute/path/that/you/control;` [download] Update: `use lib "./"` is worse than `unshift @INC,"./"` because it also prepends "./" to the search path, but does so at compile time, where it can affect other `use` statements.	[reply] [d/l] [select]

Replies are listed 'Best First'.

Re^2: use lib './' security safe?
by hbo (Monk) on Jul 20, 2004 at 04:06 UTC

unshift

bad.

push @INC,"./";
[download]

but it isn't going to affect use statements, since those are evaluated at compile time. So,
use lib "./";
[download]
is even better.

use lib /some/absolute/path/that/you/control;
[download]

Update:

use lib "./"

unshift @INC,"./"

use