22.2.4 Taint mode and @INC

When the taint mode (-T) is in effect, the "." directory is removed from @INC, and the environment variables PERL5LIB and PERLLIB are ignored by Perl. You can still adjust @INC from outside the program by using the -I command line option as explained in 3. The two environment variables are ignored because they are obscured, and a user running a program could be unaware that they are set, whereas the -I option is clearly visible and therefore permitted.

Another way to modify @INC without modifying the program, is to use the lib pragma, e.g.:

perl -Mlib=/foo program

The benefit of using -Mlib=/foo over -I/foo, is that the former will automagically remove any duplicated directories, while the later will not.

Note that if a tainted string is added to @INC, the following problem will be reported:

Insecure dependency in require while running with -T switch
