On Mon, 29 Dec 1997, Chris Nandor wrote:

>Basically, as per a previous request, MacPerl automatically adds
>":site_perl" to @INC (where it is relative to the MacPerl app). However,
>Matthias adds it in such a way that it is "hardcoded", so that it is still
>in @INC when taint checking is on.
>
>My question is this: does anyone see a problem with adding :lib (and
>:lib:arch, where arch is MacPPC or MacCFM68K (or Mac68K?)) in the same
>hard-coded fashion? This would basically make it like Unix perl.
>Problems? Either in security or otherwise?

Yes, I have a problem with this. ":lib" is relative to the current directory, NOT the MacPerl app path. I think that whenever a droplet is used, the current directory is (by default) the directory of the script. So ":lib" is searched there.

Second, anybody can change directories inside a script (even in a BEGIN block). So basically you can include any directory you like, as long as its name matches one of the default relative directories in @INC. As far as taint checking is concerned, this sucks.

BTW why does taint checking make a fuss about what is in @INC? Unless each directory in @INC by default is write protected, this won't be any guarantee. It is (or at least, can be) on Unix, for user "nobody", the CGI/browser clients.

Bart.
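
An added example, not part of the message above and not MacPerl code: a small Perl audit for the two concerns raised, flagging @INC entries that are relative (and so resolved against the current directory at load time) and, on Unix, directories writable by group or others. The function names and the two sample entries appended to @INC are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;

# Classify one @INC entry. Returns a list of findings (empty list = no issue).
sub audit_inc_entry {
    my ($dir) = @_;
    return ('hook (code reference), not a directory') if ref $dir;

    my @findings;
    if (!File::Spec->file_name_is_absolute($dir)) {
        # A relative entry is resolved against the current directory when
        # require/use runs, so a chdir() changes which files it names.
        push @findings,
            'relative: currently resolves to ' . File::Spec->rel2abs($dir);
    }
    my @st = stat $dir;
    if (!@st) {
        push @findings, 'does not exist';
    }
    elsif ($^O ne 'MSWin32' && $^O ne 'MacOS') {
        # Unix permission bits: 020 = group-writable, 002 = world-writable.
        my $mode = $st[2] & 07777;
        push @findings, sprintf('writable by group/other (mode %04o)', $mode)
            if $mode & 0022;
    }
    return @findings;
}

# Audit a list of entries; returns a hashref of entry => [findings].
sub audit_inc {
    my %report;
    for my $dir (@_) {
        my @f = audit_inc_entry($dir);
        $report{$dir} = \@f if @f;
    }
    return \%report;
}

# Constructed sample: the real @INC plus two relative entries.
my @sample = (@INC, 'lib', File::Spec->catdir(File::Spec->curdir, 'site_perl'));
my $report = audit_inc(@sample);
for my $dir (sort keys %$report) {
    print "$dir\n";
    print "    - $_\n" for @{ $report->{$dir} };
}
print "no findings\n" unless %$report;
```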