in reply to use lib './' security safe?

Having '.' in @INC is moderately dangerous. For example, consider a script that did something like:

    BEGIN { eval { require Some::Optional::Module } }

If you can persuade someone (preferably root) to run that script in a directory you have control of, on a system whose Perl installation doesn't have Some::Optional::Module, then bingo!

Dave.
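
A defensive counterpart to the scenario in the reply above, as an added example that is not part of Dave's post: it lists the relative entries in @INC and loads an optional module with those entries removed from the search path. The helper names `relative_inc_entries` and `require_optional` are hypothetical; `Some::Optional::Module` is the placeholder name from the post.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;

# Perl 5.26+ leaves '.' out of the default @INC, but use lib './', -I. or
# PERL5LIB can put a relative directory back on the search path.

# Entries of a search path that are relative ('.', './lib', 'lib', ''), i.e.
# resolved against the directory the script happens to be started in.
# References in @INC are loader hooks, not directories, and are skipped.
sub relative_inc_entries {
    return grep { !ref($_) && !File::Spec->file_name_is_absolute($_) } @_;
}

# Load an optional module with relative directories removed from the search
# path. Returns the path recorded in %INC, or undef if it cannot be loaded.
sub require_optional {
    my ($module) = @_;
    die "bad module name: $module\n"
        unless $module =~ /\A[A-Za-z_]\w*(?:::\w+)*\z/;
    (my $file = "$module.pm") =~ s{::}{/}g;

    # Keep hooks and absolute directories only, for the duration of this call.
    local @INC = grep { ref($_) || File::Spec->file_name_is_absolute($_) } @INC;

    return eval { require $file; 1 } ? $INC{$file} : undef;
}

# Demo: report risky entries, then try one core module and the optional one.
my @risky = relative_inc_entries(@INC);
print "relative \@INC entries: ",
    (@risky ? join(", ", map { "'$_'" } @risky) : "none"), "\n";

for my $module ('List::Util', 'Some::Optional::Module') {
    my $from = require_optional($module);
    printf "%-24s %s\n", $module,
        defined $from ? "loaded from $from" : "not available";
}
```

Running it from an untrusted directory with `-I.` shows the relative entry in the report while the optional module is still resolved only from absolute directories.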