Beefy Boxes and Bandwidth Generously Provided by pair Networks
Just another Perl shrine
 
PerlMonks  

Re: Malware on CPAN

by moritz (Cardinal)
on Jun 20, 2012 at 05:16 UTC ( #977221=note: print w/ replies, xml ) Need Help??


in reply to Malware on CPAN

I haven't heard of any malicious code upload to CPAN.


Comment on Re: Malware on CPAN
Re^2: Malware on CPAN
by Anonymous Monk on Jun 20, 2012 at 06:15 UTC

    I know of 3 in the last 12 years which were quasi-fishy uploads with potential

    Mostly its just tar permissions nonsense that linux folks complain to win32 folks -- PAUSE was updated to deal with that (withoutworldwritables)

    There was one real phone-home thing, and the author took to the criticism, and stopped doing that

    Lots of net/web modules use real-live urls for testing, or try to start servers on local-network instead of explicitly localhost -- I keep fighting this one, but nothing nefarious

    There is one thing still on CPAN which could be used for perl rootkits ( i don't want to publicize it) but its NA (45) UNKNOWN (155)

        Well, I already raised the issue once in opinions on, feel free to take it up :)

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://977221]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others pondering the Monastery: (10)
As of 2015-07-03 10:55 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (51 votes), past polls