Beefy Boxes and Bandwidth Generously Provided by pair Networks
Syntactic Confectionery Delight
 
PerlMonks  

Re: Blatant security problem in certain CPAN module installs

by Abigail-II (Bishop)
on May 03, 2004 at 16:13 UTC ( #350068=note: print w/ replies, xml ) Need Help??


in reply to Re: Re: Blatant security problem in certain CPAN module installs
in thread Blatant security problem in certain CPAN module installs

I don't agree that there is not an increased danger during the install if you are installing modules as root or modifying the version of perl that root uses.
That sounds obvious, until you rephrase it as "it's gives more security if you install modules as a non-root user". Sure, it might matter if no UID that can cause havoc ever runs the code of the modules installed, but if so, what would be the point of installing them? My point is that the danger doesn't stop that "make install", it's isn't that you can relax if you get a prompt back after typing "make install". That's only when trouble starts.

The dangerous part of opening a lion cage isn't the act of opening the door - the danger only starts when the lion gets out of the cage.

Abigail


Comment on Re: Blatant security problem in certain CPAN module installs

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://350068]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others having an uproarious good time at the Monastery: (15)
As of 2014-12-18 23:02 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (67 votes), past polls