Michael G Schwern writes: > Smylers wrote: > > > > I have lying around a prototype for the CPAN shell to warn the user > > > when they run it as root and offer to reconfigure itself to only su > > > for the install. That would help plug the hole. > > > > Yeah, that sounds good. > > > > But only for users running CPAN, not anybody who is manually un-tar-ing > > a distribution. I have no data for this, but I suspect those who do > > manual installs in this way are also more likely to do the whole thing > > as root, and less likely to be involved in the Perl community (such as > > knowing much about Cpan) -- and therefore most likely to get hurt by > > this, or to pick up a bad impression of Perl or its community as a > > result. > > Since the perl build process is directly analogous to the autoconf build > process...
I think the difference is that autoconf-generated software is generally created on Unix-like OSes, with actual tar commands. Cpan is different, in that it's quite reasonable for distributions to've been created on a system without tar or Unix-like permissions. > perl Makefile.PL sh Configure > make make > make test make check > sudo make install sudo make install Or: $ su # ./Configure # make # make install I don't know how common that is any more. Most of the people I've seen doing it were installing Unix software well before sudo gained widespread popularity, and seem to've got into the habit of running as root for sys-admin tasks. But I take your basic point: > ...this is not a Perl problem but a general lack of basic security > problem. An admin should know to run as little as possible as root, > this is dead basic security. Anyone who blames Perl for the admin's > mistake is just looking for someone to blame, so there's little bother > in trying to convince them otherwise. > > We can only keep an ignorant admin from blowing off their foot for so > long. The longer we protect them from their own ignorance the bigger > the boom is likely to be. Smylers
