Current directory in @INC potentially harmful

The warning "Current directory in @INC potentially harmful" is related to the Perl programming language.

In Perl, @INC is an array that contains the list of directories in which Perl will look for modules when they are loaded with the "use" statement. By default, the current directory (".") is included in @INC.

The warning is raised when the current directory is included in @INC because it could potentially lead to security vulnerabilities. If an attacker is able to place a malicious module in the current directory, and the script includes that module with "use", then the attacker's code will be executed with the permissions of the Perl script.

To avoid this vulnerability, it is recommended to explicitly include only the directories that are needed in @INC and to avoid adding "." (the current directory) to @INC.

You can remove the warning by explicitly setting the list of directories to include in @INC in your Perl script. For example, to include the directories "/usr/local/lib/perl5" and "/usr/lib/perl5", you can add the following code to the beginning of your script:

    use lib qw(/usr/local/lib/perl5 /usr/lib/perl5);

This will set the @INC array to only include the specified directories and not include the current directory.
0 Bruce 6/25/2014
Reply:

(Thread closed)
Related Posts:
📁 perl.perl5.porters
📃 341 articles.
⭐ 0 followers.

💬 0 Replies
👁️‍🗨️ 621 Views