On Monday 22 September 2008 08:41:31 Michael G Schwern wrote:
> Shlomi Fish wrote:
> > Let's suppose Makefile.PL is world-writable. While the distro is being
> > unpacked, a malicious user writes something like:
> >
> > {{{
> > system('rm -fr $HOME');
> > }}}
> >
> > to it, and after you come to the "perl Makefile.PL" stage - you lose
> > your home-directory. ;-)
>
> Run that by me again how the Makefile.PL being world-writable has any
> effect on that? If a Makefile.PL does an "rm -rf $HOME" and you run it, it
> doesn't matter what permission flags are on the file. Your home directory
> is gone.
There's a race condition attack between the time the CPAN client *writes* the
world-writeable file and the time the CPAN client *executes* the
world-writeable file. During that time, anyone on the system can write
anything to the file, replacing its legitimate and safe contents with
malicious contents.
That's completely orthogonal to the problem of the Build.PL/Makefile.PL
containing malicious code.
-- c
