It shouldn't be a problem with mod_perl actually, but in CGI mode it uses the Apache environment; you can't really be sure that there isn't an executable somewhere called "perl" that isn't what you expect it to be...
Here's the Apache $PATH on my RHEL 4 system: /sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin
And here's the path for some regular user: /usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/opt/bin
Someone, for some reason, may have installed, for instance, a setuid perl as /usr/sbin/perl, which isn't in the user's path, but would be run FIRST by Apache... And here's your CGI running as root, howdy!
Well, I hope you've got my point: using #!/bin/env perl for your own personal scripts is OK, but please don't do that for production code.
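
An audit check for the PATH difference described in the post above, added here as an example that is not part of the original post: it resolves a command name against the web server's PATH and a user's PATH the way env does, and reports a mismatch or a setuid/setgid hit. The function names are assumptions; the two PATH strings are the ones quoted in the post.

```shell
#!/bin/sh
# Added example: which file does "#!/bin/env NAME" run under a given PATH?

# first_in_path NAME PATHSTRING: print the first executable match, as env(1)
# would pick it; return 1 when nothing matches.
first_in_path() {
    fp_name=$1 fp_old_ifs=$IFS
    IFS=:; set -f
    for fp_dir in $2; do
        [ -n "$fp_dir" ] || fp_dir=.      # empty PATH entry means current dir
        if [ -f "$fp_dir/$fp_name" ] && [ -x "$fp_dir/$fp_name" ]; then
            IFS=$fp_old_ifs; set +f
            printf '%s\n' "$fp_dir/$fp_name"
            return 0
        fi
    done
    IFS=$fp_old_ifs; set +f
    return 1
}

# check_env_shebang NAME SERVER_PATH USER_PATH
# returns 0 = same file, 1 = different files, 2 = server's match is setuid/setgid
check_env_shebang() {
    ce_srv=$(first_in_path "$1" "$2") || ce_srv=
    ce_usr=$(first_in_path "$1" "$3") || ce_usr=
    if [ -n "$ce_srv" ] && { [ -u "$ce_srv" ] || [ -g "$ce_srv" ]; }; then
        echo "SETID: server PATH resolves $1 to $ce_srv"
        return 2
    fi
    if [ "$ce_srv" != "$ce_usr" ]; then
        echo "MISMATCH: server=${ce_srv:-none} user=${ce_usr:-none}"
        return 1
    fi
    echo "OK: both resolve $1 to ${ce_srv:-none}"
    return 0
}

# PATH values as quoted in the post (Apache vs. a regular user on RHEL 4).
APACHE_PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin
USER_PATH=/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/opt/bin

check_env_shebang perl "$APACHE_PATH" "$USER_PATH" ||
    echo "use an absolute interpreter path in the shebang for this CGI"
```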