How do I set the taint mode in a perl script with a '#!/usr/bin/env perl'- shebang?

Question

how do I set the taint mode in a perl script with a

#!/usr/bin/env perl

shebang?

Answer 1

You can pass the PERL5OPT environment variable on the shebang line:

#!/usr/bin/env PERL5OPT=-T perl

This seems all rather backwards to me.

Another option, is to re-execute the script under taint mode if you detect it's not on:

#!/usr/bin/env perl

warn 'Taint mode is '.(${^TAINT} ? 'on' : 'off'); # For debugging

exec($^X,'-T',$0,@ARGV) unless ${^TAINT};

# do stuff under taint mode here

Obviously, this is a major startup performance hit.

Answer 2

Since taint mode can only be enabled via the -T flag, and env won't accept any flags in a shebang line, your best option is to run the program via perl -T script.pl rather than executing the script directly.

If you absolutely need to enforce taint mode in the shebang, you could make a taintperl script somewhere in your PATH (e.g. /usr/local/bin) with the following contents:

#!/bin/sh
/usr/bin/env perl -T

Then in your Perl script, have

#!/usr/bin/env taintperl