in reply to Re: do'.\dir\file' under -T on Windows
in thread do'.\dir\file' under -T on Windows

Maybe perl is emulating one of the classic *NIX security fixes (removing the current working directory from the path) in @INC when run in taint checking mode...

Just a thought ...

A user level that continues to overstate my experience :-))

Replies are listed 'Best First'.
Re^3: do'.\dir\file' under -T on Windows
by ikegami (Patriarch) on Feb 25, 2009 at 17:01 UTC

    If a taint check for relative paths were to be added, it would throw an exception rather than setting $! to file not found.

    Note that this taint check would be a departure from the current model which allows the current directory to be used. 

    $ cat script.pl
#!/usr/bin/perl
print "unsafe?\n";

$ perl -T -e'$ENV{PATH}=""; system "script.pl";'
unsafe?

    [download]
    $ cat Mod.pm
print "unsafe?\n";
1;

$ perl -T -e'@INC = "."; require Mod;'
unsafe?

    [download]

    Sounds like a pretty good idea to me, though. It would break stuff, but nothing that can't be fixed.

[reply]
[d/l]
[select]
      Thanks a lot,

      I sent a description/testcase to perlbug@perl.org .

      Regards, Christoph
[reply]
        Sorry,

        that anonymous was me, forgot to log in.

        Christoph
[reply]
Re^3: do'.\dir\file' under -T on Windows
by ikegami (Patriarch) on Feb 25, 2009 at 16:30 UTC

    That's fine. The problem isn't that "." isn't present in @INC, it's that @INC is used at all.

    The documented behaviour is to use @INC, but that's clearly not what other systems do when the path can't be a module path, or even on Windows when "/" is used as the separator. I'm not sure how "looks like a module path" is defined, but it's obviously buggy.

[reply]
[d/l]
[select]

In Section Seekers of Perl Wisdom