Beefy Boxes and Bandwidth Generously Provided by pair Networks
go ahead... be a heretic
 
PerlMonks  

Re: Blatant security problem in certain CPAN module installs

by ysth (Canon)
on May 03, 2004 at 06:23 UTC ( #349935=note: print w/ replies, xml ) Need Help??


in reply to Blatant security problem in certain CPAN module installs

Thanks for the alert.

Not sure what the point is of checking if these modules are installed; does the Makefile.PL-fetched code get injected into them or just run at once?


Comment on Re: Blatant security problem in certain CPAN module installs
Re: Re: Blatant security problem in certain CPAN module installs
by tantarbobus (Hermit) on May 03, 2004 at 06:51 UTC

    I think the point of checking is that you can't know what code was run when the module was installed (it could have installed a backdoor, whatever). And for some people that is an unacceptable risk, and they will want to know whether they installed any of the above modules, so that they make take appropriate action.

    The Makefile.PL-fetched code gets called only once at the end of the make (assuming that it is the only place the code is called).

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://349935]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others surveying the Monastery: (5)
As of 2014-07-13 17:16 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    When choosing user names for websites, I prefer to use:








    Results (251 votes), past polls