On Thursday 13 November 2008, David Golden wrote:
> On Thu, Nov 13, 2008 at 3:39 AM, Shlomi Fish <[EMAIL PROTECTED]> wrote:
> >> What I was expressing is that the CPAN shell can do the twiddling to
> >> strip flags at the point of extraction, rather than PAUSE stopping it at
> >> the gate. Archive::Tar already does this (see
> >> $Archive::Tar::INSECURE_EXTRACT_MODE).
> >
> > Archive::Tar does, but Archive::Extract (which CPANPLUS uses) doesn't.
>
> It was a bug. Addressed in 0.28 as a result of these discussions.
> The next non-development release of CPANPLUS will use the new
> Archive::Extract and close the security hole under discussion.
>

This bug still exists in Archive-Extract-0.28. See my comment at the end of:

http://rt.cpan.org/Ticket/Display.html?id=39554

One needs to also set $Archive::Tar::CHMOD.

Regards,

Shlomi Fish

--
-----------------------------------------------------------------
Shlomi Fish http://www.shlomifish.org/
Funny Anti-Terrorism Story - http://xrl.us/bjn7t

Shlomi, so what are you working on? Working on a new wiki about unit testing
fortunes in freecell? -- Ran Eilam
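A way to check what the `$Archive::Tar::CHMOD` setting named in the message above does on a given installation; this is an added example, not part of the original thread and not code from Archive::Tar, Archive::Extract or CPANPLUS. It assumes the "flags" under discussion are group/other write bits recorded in the tarball, builds a constructed in-memory archive (the `Demo-0.01` names are made up), and prints the modes that land on disk with the setting on and off.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Archive::Tar;
use File::Temp qw(tempdir);
use Cwd qw(getcwd);

# Constructed sample: an in-memory tarball with one entry whose recorded
# mode is world-writable (0666). Names and contents are made up.
my $tar = Archive::Tar->new;
$tar->add_data('Demo-0.01/lib/Demo.pm', "package Demo;\n1;\n", { mode => 0666 });
$tar->add_data('Demo-0.01/README',      "demo\n",               { mode => 0644 });

# Audit step: entries whose recorded mode has group/other write bits
# (assumption: these are the flags a client would want to strip).
sub risky_entries {
    my ($archive) = @_;
    return grep { $_->mode & 0022 } $archive->get_files;
}
printf "recorded mode %04o: %s\n", $_->mode & 07777, $_->full_path
    for risky_entries($tar);

# Extract into a scratch directory with $Archive::Tar::CHMOD set to the
# given value and return the permission bits actually present on disk.
sub extract_and_stat {
    my ($archive, $chmod) = @_;
    local $Archive::Tar::CHMOD = $chmod;
    my $dir = tempdir(CLEANUP => 1);
    my $old = getcwd();
    chdir $dir or die "chdir $dir: $!";
    $archive->extract or die $archive->error;
    my %modes = map  { ( $_->full_path, (stat $_->full_path)[2] & 07777 ) }
                grep { $_->is_file } $archive->get_files;
    chdir $old or die "chdir $old: $!";
    return \%modes;
}

umask 0022;    # set explicitly so runs are comparable across machines
for my $chmod (1, 0) {
    my $modes = extract_and_stat($tar, $chmod);
    printf "CHMOD=%d  %04o  %s\n", $chmod, $modes->{$_}, $_
        for sort keys %$modes;
}
```

The on-disk result with `CHMOD=1` depends on the installed Archive::Tar version and on the user running the script, so compare the two printed rows rather than assuming a fixed value.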