Re: use lib './' security safe?

According to the 3rd Blue Camel, "." should be in the default @INC, so adding it shouldn't be necessary for 5.6 and before. However, my Perl 5.8.1 shows this:


hbo@owen|1347> perl -e 'print join "\n",@INC'
/usr/lib/perl5/5.8.1/i686-linux
/usr/lib/perl5/5.8.1
/usr/lib/perl5/site_perl/5.8.1/i686-linux
/usr/lib/perl5/site_perl/5.8.1
/usr/lib/perl5/site_perl/5.8.0
/usr/lib/perl5/site_perl/5.6.0
/usr/lib/perl5/site_perl
[download]

~~So it appears that the default has changed for 5.8, which came out after the last edition of Programming Perl.~~
Update: This is wrong. See beable's correction below.

Since use et al take the first match, there shouldn't be a danger of loading a bogus standard module if you have "."at the end of @INC. It's similar to having "./" at the end of your Unix PATH, however, in that what "./" means changes with your CWD. This opens up a possibility of loading a non-standard module that you don't expect. If you have root, (or administrator for *ix challenged) it's good practise to install your modules in the site_perl directories.

For my personal software, I create and use a ~/lib/perl and include the following at the top of my scripts:

use lib /path/to/my/home/lib/perl;
[download]

That way I avoid the pesky relative path.

Comment on Re: use lib './' security safe? Select or Download Code

Replies are listed 'Best First'.
Re^2: use lib './' security safe? by beable (Friar) on Jul 20, 2004 at 04:09 UTC
Are you sure you didn't miss the dot on the end? Please run this: `perl -e 'print join "\n",@INC,"\n"'`	[reply] [d/l]
Re^3: use lib './' security safe? by hbo (Monk) on Jul 20, 2004 at 04:43 UTC
Yup, you are correct. The "." appeared at the beginning of my prompt on the next line and I missed it.	[reply]