I'm just starting to play around with the taint -T switch in some of my programs, and I'm trying to figure out what gets marked as taintet, and what doesn't.

One thing that I am puzzled over is the behaviour of the glob angle brackets. I have an extremely simple example that complains Insecure dependency in glob while running with -T switch at ./taintglob.pl line 5.

#! /usr/bin/perl -wT

use strict;
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
my @entries = </var/www/htdocs/*.html>;
[download]

Seems straightforward enough. I found an old node that seems related, and in fact the parent node (as well as perlsec)indicates that this is supposed to happen (in perl 5.005_3, at least, which I am using).

So how do I get around this? File::Glob doesn't seem to exist for 5.5. Is there another module I can use? Am I missing something?

elbieelbieelbie