1

In the past I placed the Perl options in the "shebang line", like #!/usr/bin/perl -w, but then I discovered that

  • the options will be ignored when the program is run via perl your_perl_file
  • there is use warnings; that does not have the disadvantage listed above

Unfortunately there does not seem to exist an equivalent like use taint; for -T (taint mode). Specifically when debugging such feature would be useful avoiding messages like

"-T" is on the #! line, it must also be used on the command line at ./server.pl line 1.

Did I miss something, or are there reasons why such does not exist (in Perl 5.18)?

U. Windl
  • 3,480
  • 26
  • 54
  • Options on the shebang line are not ignored (in general) when invoked as `perl your_file`. In particular, -w is processed. `-T` is a bit of special case, because it needs to be detected and acted upon very early in the start up process. I am not aware of any workaround for this. – Dave Mitchell Aug 23 '23 at 10:04
  • I only found https://stackoverflow.com/a/2529070/6607497, but that won't help. – U. Windl Aug 23 '23 at 10:18

1 Answers1

2

It's too late by then. If you use use, you're searching @INC, and the contents of @INC are controller by -T.

What you could do:

die( "$0 must be run with taint enabled (`-T`).\n" ) if !${^TAINT};
ikegami
  • 367,544
  • 15
  • 269
  • 518
  • Well, it's probably formally correct to be unable to enable it in run-time, but for a practical point of view it's better to enable `-T` late rather than not enabling it at all. I mean: Most danger is probably not from the execution environment (like PATH), but from program input (e.g. considering some network services). – U. Windl Aug 24 '23 at 05:52
  • No, that's only one use-case for `-T`. Can't break the feature because *you* don't care about the other use-cases. – ikegami Aug 24 '23 at 07:18
  • Actually what would break, assuming there would be a `use taint` that would magically re-exec Perl with `-T` for that program? The security gap would be up to processing `use taint` and re-executing Perl. – U. Windl Aug 24 '23 at 08:19
  • Without `-T`, you can literally get Perl to execute code before the first line of your program is compiled using `PERL5OPT`. – ikegami Aug 24 '23 at 13:03