Sat Nov 05 06:04:02 2011: Request 69560 was acted upon. Transaction: Correspondence added by SMUELLER Queue: PAR-Packer Subject: PAR packed files are extracted to unsafe and predictable temporary directories Broken in: (no value) Severity: Critical Owner: Nobody Requestors: j...@nixnuts.net Status: open Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=69560 >
Presumably, one could at least have a build-time option for pp (not packaging time, but PAR::Packer compilation time) that enables some extra measures: perl Makefile.PL --paranoid make test && make install a) assert ownership of all directories and files under $TMPDIR/par-$USER b) assert that other can't write. (How portable would this be?) Doing this by default would make the cached-startup slow enough to not warrant caching at all. That would make PAR::Packer useless for all but the most trivial scripts. Think about it. If any other executable would have to scan the entire perl source tree before starting, it'd be slower to boot than java. Right now, the proper way to get entirely safe PAR'd executables is to set an alternate extraction/cache directory. See "man PAR::Environment".