in reply to
Re: use lib './' security safe?
in thread use lib './' security safe?
Sorry you had an unproductive day. I've had a few like that myself.
After correcting myself and being corrected by others, I beg to differ slightly with your final conclusion. use lib "./"; does have security implications. If "./" is first in the module search list, then a file called, for example, "CGI.pm" in the directory your script runs in would alter the effect a use CGI; directive would have, if it appeared after the first use statement. In other words, you could be vulnerable to a trojan horse attack.
Of course, since "./" appears in the load path by default after all the other paths, this danger is considerably lessened. But for myself, I still dislike relying on a relative path to load code. When you don't have absolute control of the working directory your script will run from, it's better to use absolute paths for security's sake.
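The lookup order described in the post above, shown as an added example that is not part of the original post. It mimics how require walks a search list, compares a list with "./" first against an absolute-only list, and shows an absolute replacement for use lib "./". The module name Demo::Widget and both temporary directories are constructed for the demonstration, and the script is assumed to be run from a file.

```perl
#!/usr/bin/perl
# Added example: constructed directories and a made-up module name (Demo::Widget).
use strict;
use warnings;
use Cwd qw(abs_path);
use File::Basename qw(dirname);
use File::Path qw(make_path);
use File::Spec;
use File::Temp qw(tempdir);

# Absolute replacement for: use lib "./";
# Resolved from the script's own location at compile time, not from the cwd.
use lib dirname(abs_path(__FILE__));

# Mimic how require walks a search list: the first directory holding the file wins.
sub resolve_module {
    my ($module, @search) = @_;
    (my $file = "$module.pm") =~ s{::}{/}g;
    for my $dir (grep { !ref } @search) {          # skip @INC hooks (references)
        my $path = File::Spec->catfile($dir, $file);
        return File::Spec->rel2abs($path) if -f $path;
    }
    return;
}

# Return the search-list entries that depend on the current working directory.
sub relative_inc_entries {
    return grep { !ref && !File::Spec->file_name_is_absolute($_) } @_;
}

my $trusted = tempdir(CLEANUP => 1);   # stands in for the real library directory
my $workdir = tempdir(CLEANUP => 1);   # stands in for a directory others can write to
for my $dir ($trusted, $workdir) {
    make_path("$dir/Demo");
    open my $fh, '>', "$dir/Demo/Widget.pm" or die "write: $!";
    print {$fh} "package Demo::Widget; 1;\n";
    close $fh or die "close: $!";
}
chdir $workdir or die "chdir: $!";

my @risky = ('./', $trusted);          # "./" searched first, as after use lib "./"
my @safe  = ($trusted);                # absolute entries only
print "with ./ first : ", resolve_module('Demo::Widget', @risky), "\n";
print "absolute only : ", resolve_module('Demo::Widget', @safe),  "\n";
print "relative entries in risky list: @{[ relative_inc_entries(@risky) ]}\n";
print "relative entries in live \@INC : @{[ relative_inc_entries(@INC) ]}\n";
chdir File::Spec->rootdir;             # leave the temp dir so cleanup can remove it
```

With "./" first, the copy in the working directory is the one that resolves; with the absolute-only list, the copy in the trusted directory does, regardless of where the script was started.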