Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses

Re^2: perl vs she-bang perl

by mpersico (Scribe)
on Mar 07, 2013 at 17:08 UTC ( #1022274=note: print w/replies, xml ) Need Help??

in reply to Re: perl vs she-bang perl
in thread perl vs she-bang perl

After I sent my reply above, I went off and did a rather involved exploration of /proc and ps that I was going to post here. But, as a result of that work, and a discussion of it with a colleague, I came to the conclusion that using any external means of determining a process' own start up command is potentially inaccurate and a potential security breach.


Well, you can lie to exec about what $0 is in the first place (see and search for lie). And the lie will be propagated in /proc and ps, so using those are no better than using $0. Additionally, I would imagine that mucking around with your environment (especially $ENV{PATH}) before calling exec on a naked perl command could be the potential security hazard.

I am convinced that the safest way for a Perl program to re-invoke yourself is to build the command as follows:

  • Use $^X in place of the perl command you might determine externally.
  • Use Devel::PL_origargv for arguments/options to Perl itself.
  • Use $0 for the script name (although this can be fraught with peril, as noted above).
  • Use a copy of @ARGV before any getopt processing.
  • Put all of these in an array and use the exec(@array) form, not the exec("@array") string form.

Still sounds like an operation worth of a module. Potential names anyone? Reinvoke? Groundhog ? :-)

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1022274]
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others pondering the Monastery: (7)
As of 2018-05-21 21:06 GMT
Find Nodes?
    Voting Booth?