Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl Monk, Perl Meditation
 
PerlMonks  

Re^2: How and where to pass PERL_USE_UNSAFE_INC=1; to Perl while compilation.

by syphilis (Bishop)
on Sep 25, 2021 at 01:39 UTC ( #11137006=note: print w/replies, xml ) Need Help??


in reply to Re: How and where to pass PERL_USE_UNSAFE_INC=1; to Perl while compilation.
in thread How and where to pass PERL_USE_UNSAFE_INC=1; to Perl while compilation.

I think you'd pass it as an argument to configure ...

In perl5260delta.pod we find:
"PERL_USE_UNSAFE_INC" There is a new environment variable recognised by the perl interpreter. If this variable has the value 1 when the perl interpreter starts up, then "." will be automatically appended + to @INC (except under tainting). This allows you restore the old perl interpreter behaviour on +a case-by-case basis. But note that this is intended to be a tem +porary crutch, and this feature will likely be removed in some future + perl version. It is currently set by the "cpan" utility and "Test::Harness" to ease installation of CPAN modules which hav +e not been updated to handle the lack of dot. Once again, don't use +this unless you are sure that this will not reintroduce any securit +y concerns.
From that, I gather that you don't actually configure perl to have "." in @INC, but you instead set the environment variable PERL_USE_UNSAFE_INC to 1 in order obtain the "unsafe" @INC.

OTOH, we have in perlrun.pod:
PERL_USE_UNSAFE_INC If perl has been configured to not have the current directory in @INC by default, this variable can be set + to "1" to reinstate it. It's primarily intended for use w +hile building and testing modules that have not been update +d to deal with "." not being in @INC and should not be set +in the environment for day-to-day use.
And this suggests that it is possible to configure perl such that @INC is "unsafe" by default.
I, too, would guess that would be done as Fletch proposed.

But I couldn't locate any definitive documentation on the matter.

UPDATE: I've just received word from the p5p list that the correct configure arg to use is -Udefault_inc_excludes_dot and that this is documented in the INSTALL file (which is located in the top level directory of the perl source distro).

Cheers,
Rob

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://11137006]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others having an uproarious good time at the Monastery: (6)
As of 2021-12-01 17:46 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    R or B?



    Results (13 votes). Check out past polls.

    Notices?