Shlomi Fish wrote:
>> * What is the problem with world writeable files in a distro?
>
> Let's suppose Makefile.PL is world-writable. While the distro is being
> unpacked, a malicious user writes something like:
>
> {{{
> system('rm -fr $HOME');
> }}}
>
> to it, and after you come to the "perl Makefile.PL" stage - you lose
> your home-directory. ;-)

Run that by me again how the Makefile.PL being world-writable has any effect on
that? If a Makefile.PL does an "rm -rf $HOME" and you run it, it doesn't matter
what permission flags are on the file. Your home directory is gone.

>> * What is your proposed remedy?
>
> Make sure none of the files in the archive are world-writable.
> }}}}}}}}}}}}}}}
>
> My suggestion for resolving this is to modify the smoking modules so, after
> the archive is unpacked (with a proper umask and arguments to tar), they will
> traverse the directory tree and look for any world-writable files. If any are
> found, they will report the smoking of the module as "FAIL", and delete the
> unpacked directory tree, without doing the "perl Makefile.PL/Build.PL ..."
> dance.

I agree with David, it's not the goal of CPAN Testers to be code style police.
The distribution did not fail, it just did something very mildly insecure.
Individual CPAN Testers can take it upon themselves to fix some systematic bad
practice or another, but adding it to the whole system compromises the goal of
running tests. Code police is a CPANTS or perlcritic thing.

Given that a CPAN smoker is basically a system to execute arbitrary code,
worrying about world writable files is sort of like worrying about how good
your locks are when the door is left wide open.

> In any case, Mandriva's msec warns about them, which bothers me.

Tell it to stop looking for world-writable files in your .cpan* directories.
The only "security hole" one of these files represents is someone else can
delete it. Now if they were setuid or something, that I'd be worried about.

-- 
The mind is a terrible thing, and it must be stopped.
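
The check proposed in the quoted text above (walk the unpacked tree, report FAIL on any world-writable file, delete the tree before the "perl Makefile.PL" stage), written out as an added Perl example that is not part of the original message or of any CPAN Testers code. The function name `world_writable` and the sample tree are constructed for illustration, and POSIX mode bits are assumed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:mode);
use File::Find ();
use File::Path qw(remove_tree);
use File::Spec;
use File::Temp qw(tempdir);

# Return the paths under $root (relative to it) whose mode has the
# "other write" bit set. Symlinks are skipped: their own mode bits say
# nothing useful and their targets may lie outside the tree.
sub world_writable {
    my ($root) = @_;
    my @hits;
    File::Find::find({
        no_chdir => 1,
        wanted   => sub {
            my @st = lstat($File::Find::name) or return;
            return if S_ISLNK($st[2]);
            push @hits, File::Spec->abs2rel($File::Find::name, $root)
                if $st[2] & S_IWOTH;
        },
    }, $root);
    return sort @hits;
}

# Constructed sample tree standing in for an unpacked distribution:
# one world-writable file (0666) and one with ordinary permissions (0644).
my $dist = tempdir('Example-Dist-XXXX', TMPDIR => 1);
for my $f (['Makefile.PL', 0666], ['MANIFEST', 0644]) {
    my $path = File::Spec->catfile($dist, $f->[0]);
    open my $fh, '>', $path or die "open $path: $!";
    close $fh;
    chmod $f->[1], $path or die "chmod $path: $!";
}

my @bad = world_writable($dist);
if (@bad) {
    # The proposal: report FAIL and never reach the Makefile.PL/Build.PL stage.
    print "FAIL: world-writable: $_\n" for @bad;
}
else {
    print "ok: no world-writable files; the build stage would run next\n";
}
remove_tree($dist);    # the constructed tree is removed either way in this demo
```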