Geek Answers Handbook

What is the value of -T or -w in #! / Usr / bin / perl?

I googled around #!/usr/bin/perl , but I could not find a satisfactory answer. I know this is a pretty simple thing, but can it still explain to me what the value of #!/usr/bin/perl in Perl? Moreover, what does -w or -T mean in #!/usr/bin/perl ? I am new to Perl, so please be patient.

+7
source share
4 answers

#! commonly called " shebang " and it tells the computer how to run the script. You will also see many shell scripts with #!/bin/sh or #!/bin/bash .

So, /usr/bin/perl is your Perl interpreter, and it starts up and is set to execute the file.

The rest of the line is options for Perl. "- T" is corrupted (this means that the input is marked as "untrusted" until you check its format). "-w" includes warnings.

You can learn more by running perldoc perlrun (perldoc is a Perl reader that can be installed, can be in its own package).

For the scripts you write, I would recommend starting them with:

 #!/usr/bin/perl use warnings; use strict;

This includes many warnings and additional checks - especially useful during training (I still participate, and I have been using Perl for over 10 years).

+13
source

Both -w and -T are a kind of "reliable" flags.

-w is the same as the use warning statement in your code, and this is equivalent to warning in many compilers. A simple example would be a warning about using an uninitialized variable:

 #!/usr/bin/perl -w print "$A\n"; print "Hello, world!\n";

It will be printed:

 Name "main::A" used only once: possible typo at ./perl-warnings line 3. Use of uninitialized value $A in concatenation (.) or string at ./perl-warnings line 3. Hello, world!

The -T flag means that any value received from the outside world (as opposed to computing inside the program) is considered a potential threat and prohibits the use of such values โ€‹โ€‹in system-related operations, such as writing files, executing a system command, etc. (which is why Perl activates taint mode when the script runs under setuid / setgid.)

The tainted mode forces you to double check the value inside the script.

For example, the code:

 #!/usr/bin/perl -T $A = shift; open FILE, ">$A"; print "$A\n"; close FILE;

Will produce a fatal error (program termination):

 $ ./perl-tainted jkjk Insecure dependency in open while running with -T switch at ./perl-tainted line 3.

And this is only because the value of the argument was obtained from "outside" and was not "double checked". The taint mode draws your attention to this fact. Of course, it's easy to fool him, for example:

 #!/usr/bin/perl -T $A = shift; $A = $1 if $A =~ /(^.*$)/; open FILE, ">$A"; print "$A\n"; close FILE;

In this case, everything worked fine. You have "tricked" the "taint" mode. Well, it is assumed that the programmerโ€™s intent is to make the program more secure, so the programmer will not only cope with the error, but rather take some security measures. One of Perl's aliases is "glue and tape for cable system administrators." It is possible that the system administrator will create a Perl script for his needs and run it with root permissions. Think of this script in order to do something normal users are not allowed to ... you probably want to double-check things that are not part of the program itself, and you want Perl to remind you of them.

Hope this helps.

+5
source

About Taint (-T) mode:
The require and use statements change when taint mode is turned on.
The library / module download path no longer contains . (current directory) from its path.

So, if you load any libraries or modules relative to the current working directory without explicitly specifying the path, your script will be broken in taint mode.

For an example: consider perl_taint_ex.pl

 #!/usr/bin/perl -T require "abc.pl"; print "Done";

fail like this

 D:\perlex>perl perl_taint_ex.pl "-T" is on the #! line, it must also be used on the command line at perl_taint_ex.pl line 1. D:\perlex>perl -T perl_taint_ex.pl Can't locate abc.pl in @INC (@INC contains: C:/Perl/site/lib C:/Perl/lib) at perl_taint_ex.pl line 3.

So, when taint mode is on , you must explicitly specify the require statement where to load the library, since . removed during taint mode from the @INC array.

@INC contains a list of valid paths for reading files and library modules from.

If taint mode is on, you simply do the following:

 D:\perlex>perl -ID:\perlex -T perl_taint_ex.pl Done

-ID:\perlex will include the D:\perlex in @INC .

You can try other ways to add the path to @INC , this is just one example.

+3
source

It was called a shebang. On Unix-based systems (OSX, Linux, etc.), this line indicates the path to the language interpreter when the script is executed from the command line. In the case of perl / usr / bin / perl, this is the path to the perl interpreter. If hashbang is not taken into account, * nix systems will not know how to parse the script when called as an executable. Instead, try to interpret the script in any shell that the user runs (possibly bash) and break the script.

http://en.wikipedia.org/wiki/Hashbang

-W and -T are arguments that control how the perl interpreter works. These are the same arguments that you could call when invoking the Perl interpreter directly from the command line.

  • -W shows warnings (aka debug information).
  • -T enables taint / security checking.
+2
source

More articles:


All Articles