in reply to Re: How and where to pass PERL_USE_UNSAFE_INC=1; to Perl while compilation.
in thread How and where to pass PERL_USE_UNSAFE_INC=1; to Perl while compilation.
I think you'd pass it as an argument to configure ...
In perl5260delta.pod we find:
OTOH, we have in perlrun.pod:
I, too, would guess that would be done as Fletch proposed.
But I couldn't locate any definitive documentation on the matter.
UPDATE: I've just received word from the p5p list that the correct configure arg to use is -Udefault_inc_excludes_dot and that this is documented in the INSTALL file (which is located in the top level directory of the perl source distro).
Cheers,
Rob
In perl5260delta.pod we find:
From that, I gather that you don't actually configure perl to have "." in @INC, but you instead set the environment variable PERL_USE_UNSAFE_INC to 1 in order obtain the "unsafe" @INC."PERL_USE_UNSAFE_INC" There is a new environment variable recognised by the perl interpreter. If this variable has the value 1 when the perl interpreter starts up, then "." will be automatically appended + to @INC (except under tainting). This allows you restore the old perl interpreter behaviour on +a case-by-case basis. But note that this is intended to be a tem +porary crutch, and this feature will likely be removed in some future + perl version. It is currently set by the "cpan" utility and "Test::Harness" to ease installation of CPAN modules which hav +e not been updated to handle the lack of dot. Once again, don't use +this unless you are sure that this will not reintroduce any securit +y concerns.
OTOH, we have in perlrun.pod:
And this suggests that it is possible to configure perl such that @INC is "unsafe" by default.PERL_USE_UNSAFE_INC If perl has been configured to not have the current directory in @INC by default, this variable can be set + to "1" to reinstate it. It's primarily intended for use w +hile building and testing modules that have not been update +d to deal with "." not being in @INC and should not be set +in the environment for day-to-day use.
I, too, would guess that would be done as Fletch proposed.
But I couldn't locate any definitive documentation on the matter.
UPDATE: I've just received word from the p5p list that the correct configure arg to use is -Udefault_inc_excludes_dot and that this is documented in the INSTALL file (which is located in the top level directory of the perl source distro).
Cheers,
Rob
In Section
Seekers of Perl Wisdom