[Purdue-pm] Problem with she-bang and PERL5OPT

Mark Senn mark at ecn.purdue.edu
Fri Nov 21 08:27:05 PST 2014


Rick Westerman <westerman at purdue.edu> wrote on 2014-11-21 at 09:01
|  Unfortunately mod_perl does not allow individual programs to run in
|  ‘taint’ mode so it is not an answer to my question of how to run
|  programs in non-taint mode.  However I’ll take your endorsement of
|  mod_perl to be a vote in favor of running ‘taint’ globally.  So far
|  1:for, 0:against.

My endorsement of mod_perl was not pro or anti 'taint'.

|  Oh, I haven’t mentioned how I run ‘taint’ in my web-based programs. I do
|  so by specifying explicitly the perl path.  I.e., no use of
|  ‘/usr/bin/env perl’.  But this means the program has to be changed to
|  use newer versions of perl and is also vulnerable to its version of perl
|  disappearing from the system.  Something we recently ran into thus my
|  recent questions.  Dave, on the other hand, doesn’t use ‘taint’ so he
|  can use /usr/bin/env.  Since ‘taint’ — similar to ‘strict’ and
|  ‘warnings’ and even unit testing — is just a crutch to help proper
|  coding there is not an absolute need for it.

A not-too-good solution: make /link/perl a hard link or symbolic link
to perl and run a cron job to make sure what /link/perl points to
is still there.

I keep coming across web frameworks (Catalyst, Dancer, Mojolicious) and
PSGI in my reading.  I've never used any of them---I do very little
web stuff---just a few static HTML pages.    -mark
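
The cron check suggested in the message above, sketched as an added example that is not part of the original thread: it tells apart a missing link, a dangling symlink, and a target that can no longer be executed, so a script whose she-bang names /link/perl fails loudly in cron mail rather than at request time. The function names, exit codes and the `--check` argument are assumptions; only /link/perl comes from the message.

```shell
#!/bin/sh
# Added example, not code from the thread. /link/perl is the stable
# interpreter path proposed in the message; all other names are assumed.

# check_interp_link LINK
# Returns: 0 usable, 1 path missing, 2 dangling symlink,
#          3 resolves to something that is not an executable regular file
check_interp_link() {
    link=$1
    if [ -L "$link" ] && [ ! -e "$link" ]; then
        return 2        # symlink survives but the perl it pointed to is gone
    fi
    if [ ! -e "$link" ]; then
        return 1        # the link itself was removed
    fi
    if [ ! -f "$link" ] || [ ! -x "$link" ]; then
        return 3        # e.g. target replaced by a directory or lost its x bit
    fi
    return 0
}

# report_interp_link LINK
# Prints one line per failure (cron mails any output) and passes the status on.
report_interp_link() {
    rc=0
    check_interp_link "$1" || rc=$?
    case $rc in
        0) ;;           # stay silent on success so cron sends no mail
        1) echo "$1: missing" ;;
        2) echo "$1: dangling symlink" ;;
        3) echo "$1: not an executable file" ;;
    esac
    return $rc
}

# Invoked from a crontab entry as: <this script> --check /link/perl
if [ "${1:-}" = "--check" ]; then
    report_interp_link "${2:-/link/perl}"
    exit $?
fi
```

A hard link cannot dangle, so for that variant only statuses 1 and 3 can occur.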

