[Purdue-pm] Problem with she-bang and PERL5OPT
Mark Senn
mark at ecn.purdue.edu
Fri Nov 21 08:27:05 PST 2014
Rick Westerman <westerman at purdue.edu> wrote on 2014-11-21 at 09:01
| Unfortunately mod_perl does not allow individual programs to run in
| ‘taint’ mode so it is not an answer to my question of how to run
| programs in non-taint mode. However I’ll take your endorsement of
| mod_perl to be a vote in favor of running ‘taint’ globally. So far
| 1:for, 0:against.
My endorsement of mod_perl was not pro or anti 'taint'.
| Oh, I haven’t mentioned how I run ‘taint’ in my web-based programs. I do
| so by specifying explicitly the perl path. I.e., no use of
| ‘/usr/bin/env perl’. But this means the program has to be changed to
| use newer versions of perl and is also vulnerable to its version of perl
| disappearing from the system. Something we recently ran into thus my
| recent questions. Dave, on the other hand, doesn’t use ‘taint’ so he
| can use /usr/bin/env. Since ‘taint’ — similar to ‘strict’ and
| ‘warnings’ and even unit testing — is just a crutch to help proper
| coding there is not an absolute need for it.
A not-too-good solution: make /link/perl a hard link or symbolic link
to perl and run a cron job to make sure what /link/perl points to
is still there.
I keep coming across web frameworks (catalyst, dancer, mojolicious) and
PSGI in my reading. I've never used any of them---I do very little
web stuff---just a few static HTML pages. -mark
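
The workaround suggested in the message above (a stable link such as /link/perl plus a cron job that checks its target), as an added example that is not part of the original post. The function names, the exit codes and the `-T` probe are assumptions of this example.

```shell
#!/bin/sh
# Added example: cron-style health check for a stable interpreter link.
# /link/perl is the path named in the message; all other names are hypothetical.

# check_interp_link PATH
#   0 = PATH resolves to an executable regular file
#   1 = PATH is missing or is a dangling symlink
#   2 = PATH resolves, but not to an executable regular file
check_interp_link() {
    link=$1
    # -e follows symlinks, so a dangling link fails here.
    [ -e "$link" ] || return 1
    [ -f "$link" ] && [ -x "$link" ] || return 2
    return 0
}

# taint_probe PATH
#   0 = the interpreter at PATH accepts -T and reports taint mode on
taint_probe() {
    # ${^TAINT} is 1 when perl runs with -T.
    [ "$("$1" -T -e 'print ${^TAINT}' 2>/dev/null)" = "1" ]
}

# report PATH: print one status line (cron mails it) and return the status.
#   3 = the link is fine but the interpreter did not confirm taint mode
report() {
    rc=0
    check_interp_link "$1" || rc=$?
    case $rc in
        0) if taint_probe "$1"; then
               echo "OK: $1 runs with -T"
           else
               echo "WARN: $1 exists but the -T probe failed"; rc=3
           fi ;;
        1) echo "FAIL: $1 is missing or dangling" ;;
        2) echo "FAIL: $1 is not an executable file" ;;
    esac
    return $rc
}

# Run the check when given a path, e.g. from a crontab entry such as:
#   */15 * * * * /usr/local/sbin/check-perl-link /link/perl
if [ $# -gt 0 ]; then
    report "$1"
fi
```

A non-zero exit plus the printed line is enough for cron to mail the failure, so a vanished perl is noticed before the web programs that depend on the link start failing.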