Re: sudo in Const::Fast
Shawn H Corey writes: On 12-07-19 01:07 PM, Smylers wrote: Please can you run: $ cpan -J | grep sudo 'mbuild_install_build_command' = 'sudo ./Build', 'make_install_make_command' = 'sudo /usr/bin/make', Great, so we've found where sudo is coming from. Your cpan command has been configured to use sudo for the actual 'install' step of installing modules. The puzzle is now where this is coming from, given that you couldn't find sudo in your cpan config files. Let's first be sure precisely what commands cpan should be running. Please can you post the output of running this: $ grep 'install.*command' ~/.cpan/CPAN/MyConfig.pm Smylers -- http://twitter.com/Smylers2
Re: sudo in Const::Fast
On Fri, Jul 20, 2012 at 11:03:43AM +0100, Smylers wrote: The puzzle is now where this is coming from, given that you couldn't find sudo in your cpan config files. This should answer that question ... $ cpan ... cpan[1] o conf commit commit: wrote '/etc/perl/CPAN/Config.pm' -- David Cantrell | Nth greatest programmer in the world In this episode, R2 and Luke weld the doors shut on their X-Wing, and Chewbacca discovers that his Ewok girlfriend is really just a Womble with its nose chopped off.
Re: sudo in Const::Fast
Shawn H Corey writes: On 12-07-19 10:43 AM, Leon Timmermans wrote: On Thu, Jul 19, 2012 at 1:38 AM, Shawn H Corey shawnhco...@gmail.com wrote: I tried installing Const::Fast and it runs sudo. Why is such a blatant security risk in a CPAN module? And are there more? Like others have already said, I'm not using sudo in Const::Fast. It has a very boring and default installer. If you had checked the Makefile.PL or tried installing it without a cpan client you would have realized this ;-) I didn't authorize any use of sudo, so someone else put it in there. Do you have a file called ~/.cpan/CPAN/MyConfig.pm? If so, are there any lines mentioning sudo in there? Smylers -- http://twitter.com/Smylers2
Re: sudo in Const::Fast
On 12-07-19 11:34 AM, Smylers wrote: Do you have a file called ~/.cpan/CPAN/MyConfig.pm? If so, are there any lines mentioning sudo in there? No, none. The only config files that have it are: ./perlbrew/build/perl-5.16.0/cpan/CPANPLUS/lib/CPANPLUS/Config.pm ./perlbrew/build/perl-5.16.0/lib/CPANPLUS/Config.pm ./perlbrew/perls/perl-5.16.0/lib/5.16.0/CPANPLUS/Config.pm ./perlbrew/perls/perl-5.16.0/man/man3/CPANPLUS::Config.3 But I'm not using cpanplus. -- Just my 0.0002 million dollars worth, Shawn Programming is as much about organization and communication as it is about coding. _Perl links_ official site : http://www.perl.org/ beginners' help : http://learn.perl.org/faq/beginners.html advance help: http://perlmonks.org/ documentation : http://perldoc.perl.org/ news: http://perlsphere.net/ repository : http://www.cpan.org/ blog: http://blogs.perl.org/ regional groups : http://www.pm.org/
Re: sudo in Const::Fast
Shawn H Corey writes: On 12-07-19 11:34 AM, Smylers wrote: Do you have a file called ~/.cpan/CPAN/MyConfig.pm? If so, are there any lines mentioning sudo in there? No, none. Well that rules out one possibility, so we must be getting closer! Please can you run: $ cpan -J | grep sudo and: $ env | egrep -i 'perl|sudo' and paste the output of both back here. Smylers -- http://twitter.com/Smylers2
Re: sudo in Const::Fast
On 12-07-19 01:07 PM, Smylers wrote: Please can you run: $ cpan -J | grep sudo 'mbuild_install_build_command' = 'sudo ./Build', 'make_install_make_command' = 'sudo /usr/bin/make', and: $ env | egrep -i 'perl|sudo' MANPATH=/home/shawn/perl5/perlbrew/perls/perl-5.16.0/man: PERLBREW_VERSION=0.44 PERLBREW_PERL=perl-5.16.0 PERLBREW_BASHRC_VERSION=0.44 PERLBREW_ROOT=/home/shawn/perl5/perlbrew MANPATH_WITHOUT_PERLBREW= PATH=/home/shawn/bin:/home/shawn/perl5/perlbrew/bin:/home/shawn/perl5/perlbrew/perls/perl-5.16.0/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/opt/Adobe/Reader9/Reader/intellinux/bin:. PWD=/home/shawn/perl5 PERLBREW_HOME=/home/shawn/.perlbrew PATH_WITHOUT_PERLBREW=/home/shawn/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games PERLBREW_MANPATH=/home/shawn/perl5/perlbrew/perls/perl-5.16.0/man PERLBREW_PATH=/home/shawn/perl5/perlbrew/bin:/home/shawn/perl5/perlbrew/perls/perl-5.16.0/bin -- Just my 0.0002 million dollars worth, Shawn Programming is as much about organization and communication as it is about coding. _Perl links_ official site : http://www.perl.org/ beginners' help : http://learn.perl.org/faq/beginners.html advance help: http://perlmonks.org/ documentation : http://perldoc.perl.org/ news: http://perlsphere.net/ repository : http://www.cpan.org/ blog: http://blogs.perl.org/ regional groups : http://www.pm.org/
Re: no sudo in Const::Fast
As alluded to before by Serguei, 'make_install_make_command' had sudo, as well as 'mbuild_install_build_command'. Talk to your sysadmin (unless you are that person, then people will think you are crazy for talking to yourself). (...and retitling this thread appropriately) chris On Jul 19, 2012, at 12:11 PM, Shawn H Corey wrote: On 12-07-19 01:07 PM, Smylers wrote: Please can you run: $ cpan -J | grep sudo 'mbuild_install_build_command' = 'sudo ./Build', 'make_install_make_command' = 'sudo /usr/bin/make', and: $ env | egrep -i 'perl|sudo' MANPATH=/home/shawn/perl5/perlbrew/perls/perl-5.16.0/man: PERLBREW_VERSION=0.44 PERLBREW_PERL=perl-5.16.0 PERLBREW_BASHRC_VERSION=0.44 PERLBREW_ROOT=/home/shawn/perl5/perlbrew MANPATH_WITHOUT_PERLBREW= PATH=/home/shawn/bin:/home/shawn/perl5/perlbrew/bin:/home/shawn/perl5/perlbrew/perls/perl-5.16.0/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/opt/Adobe/Reader9/Reader/intellinux/bin:. PWD=/home/shawn/perl5 PERLBREW_HOME=/home/shawn/.perlbrew PATH_WITHOUT_PERLBREW=/home/shawn/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games PERLBREW_MANPATH=/home/shawn/perl5/perlbrew/perls/perl-5.16.0/man PERLBREW_PATH=/home/shawn/perl5/perlbrew/bin:/home/shawn/perl5/perlbrew/perls/perl-5.16.0/bin -- Just my 0.0002 million dollars worth, Shawn Programming is as much about organization and communication as it is about coding. _Perl links_ official site : http://www.perl.org/ beginners' help : http://learn.perl.org/faq/beginners.html advance help: http://perlmonks.org/ documentation : http://perldoc.perl.org/ news: http://perlsphere.net/ repository : http://www.cpan.org/ blog: http://blogs.perl.org/ regional groups : http://www.pm.org/
Re: sudo in Const::Fast
Hmm. Looking at the INSTALL file, there's this: ## Installation with cpanm If you have cpanm, you only need one line: % cpanm Const::Fast If you are installing into a system-wide directory, you may need to pass the -S flag to cpanm, which uses sudo to install the module: % cpanm -S Const::Fast But you're not using cpanm, and I'm not seeing anything beyond the delete or rewrite of BUILD_REQUIRES and CONFIGURE_REQUIRES hashes in the Makefile.PL depending on the version of ExtUtils. Strange. -john On Wed, July 18, 2012 5:46 pm, Shawn H Corey wrote: On 12-07-18 06:44 PM, Matthew Musgrove wrote: I'm sure Leon will pipe in soon but in the mean time, what version did you install and how? The only use of sudo I see in Const-Fast-0.011 is in the INSTALL text file. $ cpan Const::Fast CPAN: Storable loaded ok (v2.35) Reading '/home/shawn/.local/share/.cpan/Metadata' Database was generated on Wed, 18 Jul 2012 12:13:34 GMT Running install for module 'Const::Fast' Running make for L/LE/LEONT/Const-Fast-0.011.tar.gz CPAN: Digest::SHA loaded ok (v5.71) CPAN: Compress::Zlib loaded ok (v2.052) Checksum for /home/shawn/.local/share/.cpan/sources/authors/id/L/LE/LEONT/Const-Fast-0.011.tar.gz ok CPAN: File::Temp loaded ok (v0.22) CPAN: Parse::CPAN::Meta loaded ok (v1.4404) CPAN: CPAN::Meta loaded ok (v2.120921) CPAN: Module::CoreList loaded ok (v2.68) CPAN.pm: Building L/LE/LEONT/Const-Fast-0.011.tar.gz Checking if your kit is complete... Looks good Writing Makefile for Const::Fast Writing MYMETA.yml and MYMETA.json cp lib/Const/Fast.pm blib/lib/Const/Fast.pm Manifying blib/man3/Const::Fast.3 LEONT/Const-Fast-0.011.tar.gz /usr/bin/make -- OK CPAN: YAML loaded ok (v0.84) Running make test PERL_DL_NONLAZY=1 /home/shawn/perl5/perlbrew/perls/perl-5.16.0/bin/perl -MExtUtils::Command::MM -e test_harness(0, 'blib/lib', 'blib/arch') t/*.t t/00-compile.t ok t/10-basics.t . ok t/release-kwalitee.t .. skipped: these tests are for release candidate testing t/release-pod-coverage.t .. skipped: these tests are for release candidate testing t/release-pod-syntax.t skipped: these tests are for release candidate testing All tests successful. Files=5, Tests=26, 1 wallclock secs ( 0.05 usr 0.02 sys + 0.20 cusr 0.02 csys = 0.29 CPU) Result: PASS LEONT/Const-Fast-0.011.tar.gz /usr/bin/make test -- OK Running make install [sudo] password for shawn: -- Just my 0.0002 million dollars worth, Shawn Programming is as much about organization and communication as it is about coding. _Perl links_ official site : http://www.perl.org/ beginners' help : http://learn.perl.org/faq/beginners.html advance help: http://perlmonks.org/ documentation : http://perldoc.perl.org/ news: http://perlsphere.net/ repository : http://www.cpan.org/ blog: http://blogs.perl.org/ regional groups : http://www.pm.org/
Re: sudo in Const::Fast
On 12-07-18 07:12 PM, John M. Gamble wrote: which uses sudo to install the module The point is that sudo should _never_ be used inside any module or script. Ever! -- Just my 0.0002 million dollars worth, Shawn Programming is as much about organization and communication as it is about coding. _Perl links_ official site : http://www.perl.org/ beginners' help : http://learn.perl.org/faq/beginners.html advance help: http://perlmonks.org/ documentation : http://perldoc.perl.org/ news: http://perlsphere.net/ repository : http://www.cpan.org/ blog: http://blogs.perl.org/ regional groups : http://www.pm.org/
Re: sudo in Const::Fast
On Jul 18, 2012, at 6:29 PM, Shawn H Corey wrote: On 12-07-18 07:12 PM, John M. Gamble wrote: which uses sudo to install the module The point is that sudo should _never_ be used inside any module or script. Ever! -- Just my 0.0002 million dollars worth, Shawn That's fine to point out, but I can't find any indication 'sudo' is being used specifically within Const::Fast beyond the INSTALL file (see below); within cpanm is possibly another matter, but take that up with Miyagawa, not Leon (also, it installs with cpanm fine w/o sudo for me). I'm not sure where this is sneaking in but it's not from Const::Fast, unless there is a non-obvious switch being used... [cjfields@pyrimidine-laptop Const-Fast-0.011]$ ack 'sudo' . [cjfields@pyrimidine-laptop Const-Fast-0.011]$ grep -r 'sudo' . ./INSTALL:-S flag to cpanm, which uses sudo to install the module: ./INSTALL:% sudo make install ... [cjfields@pyrimidine-laptop ~]$ cpanm Const::Fast -- Working on Const::Fast Fetching http://search.cpan.org/CPAN/authors/id/L/LE/LEONT/Const-Fast-0.011.tar.gz ... OK Configuring Const-Fast-0.011 ... OK Building and testing Const-Fast-0.011 ... OK Successfully installed Const-Fast-0.011 1 distribution installed chris
Re: sudo in Const::Fast
Shawn H Corey wrote: which uses sudo to install the module The point is that sudo should _never_ be used inside any module or script. Ever! So why did you put it in your make_install_make_command CPAN configuration variable then? -- S.T.