How to find Perl modules in the same directory as a script
Now that recent versions of Perl have removed the "." from @INC, I'm curious about the best way to use the module file location. Until now, the * .pm files associated with every application on our website have been in the same directory as the scripts. This, I understand, creates a security vulnerability.
We don't have write access to the rest of the directories in @INC.
We could just leave the PM files where they are and add use lib ".";
to all of our existing scripts, but wouldn't that keep the security vulnerability?
Any suggestions on how our Perl scripts and related modules can be better organized in light of this new development?
source to share
No, placing modules in the same directory as the script is not a security vulnerability. Assuming the current working directory ( .
) is the script directory is a bug and security vulnerability.
.
was never guaranteed to be the directory the script resides in. (In fact, time and time again, people have discovered what .
will be /
in CGI scripts.) Just keep using what you should already be using:
use FindBin qw( $RealBin );
use lib $RealBin;
source to share
An alternative to FindBin is:
#!/usr/bin/env perl
use strict;
use warnings;
use File::Basename qw( dirname );
use File::Spec::Functions qw( rel2abs );
use lib rel2abs( dirname(__FILE__) );
print "$_\n" for @INC;
As @ikegami points out, if you want to be able to reference a script via symbolic links, you will need:
use Cwd qw( abs_path );
use lib dirname(abs_path($0));
source to share