PerlMonks  

Re^2: Malware on CPAN

by taint (Chaplain)
on Jun 20, 2012 at 15:40 UTC (#977384)


in reply to Re: Malware on CPAN
in thread Malware on CPAN

Frankly, Win* || MacOS & !OSX have done their best to shield users from the underlying processes since day 1. It's hard to point fingers at any perl module for attempting to align itself with the OS's policy.

As security goes; the only real-life issue I can ever see actually arising -- which is fairly trivial, would be a case of "DNS cache poisoning" coming from the use of some NET::, or DNS:: module. Of course, that also requires the module to be installed globally as root, and for the system to be running an Authoritative DNS service locally. Best practices; keep the cache life very short.

Which brings me to those ^evil^ Win* module writers -- 2 issues:
1) Notepad has been able to read/write LF line endings since WinNT version 4
(cat(1)||awk(1) && sed(1) will correct this for *NIX users).
2) Permissions, eg; 0777. Again, *NIX users have a large toolbox, and can perform the following:

#!/bin/sh
# first, the folders
find . -type d -print | while IFS= read -r i
do
    chmod 0755 "$i"
done
# now, the files
find . -type f -print | while IFS= read -r i
do
    chmod 0644 "$i"
done
# a variation using ls(1) could also have been employed

All in all; DO examine the source before making && installing. You'd be surprised how much you can learn -- even from the routines included within the source. :)
--'nuf said.



#!/usr/bin/perl -Tw

use strict;
use perl::always;

my $perl_version( 5.12.4 );

print $perl_version;


Re^3: Malware on CPAN
by Anonymous Monk on Jun 20, 2012 at 16:51 UTC

    Say, why would you do while loop instead of xargs ...

    find ... -print0 | xargs -0 chmod ...

    ... ?

    Somewhat related, I have come to like symbolic permission modes to selectively modify the permissions while preserving the rest ...

    # Strip group- & world-write permissions.
    chmod -R g-w,o-w directory

      Say, why would you do while loop instead of xargs ...
      find ... -print0 | xargs -0 chmod ...
      ... ?

      For consistency across *NIX's && versions || find(1) is guaranteed to return the same results, regardless of *NIX || version. :)

      #!/usr/bin/perl -Tw
      use strict;
      use perl::always;
      my $perl_version( 5.12.4 );
      print $perl_version;
        "For consistency across *NIX's && versions || find(1) is ...."

        Woah! The question was why are you using a while loop instead of xargs. You did nothing to show how xargs fails to work as reliably as a while loop.
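
An added example, not code from any poster in this thread: auditing an unpacked source tree for group- or world-writable entries and then stripping those bits with a symbolic mode, using find's own "-exec ... {} +" so no file name passes through a pipe. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an unpacked source tree for group/world-writable
# entries, then strip those bits. Names and sample tree are constructed.

# Count entries writable by group or others. One "x" line is printed per
# match, so odd file names (spaces, newlines) cannot skew the count.
# Symlinks are skipped: their own mode bits are not meaningful.
count_writable() {
    find "$1" ! -type l \( -perm -020 -o -perm -002 \) -exec echo x \; |
        wc -l | tr -d ' '
}

# Remove group/world write with a symbolic mode, leaving every other bit
# (including execute on scripts) alone. "-exec ... {} +" batches arguments
# the way xargs does, without a pipe in which file names could be split.
# Symlinks are skipped so chmod never follows one out of the tree.
strip_write() {
    find "$1" ! -type l -exec chmod go-w {} +
}

# Permission string of one path, e.g. "-rwxr-xr-x".
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Constructed sample tree standing in for an unpacked tarball whose
# author shipped everything as 0777.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/lib dir"
    : > "$d/lib dir/Module.pm"
    : > "$d/install script.pl"
    : > "$d/README"
    chmod 0777 "$d/lib dir" "$d/lib dir/Module.pm" "$d/install script.pl"
    chmod 0644 "$d/README"
    printf '%s\n' "$d"
}

tree=$(make_sample)
echo "before: $(count_writable "$tree") writable entries"
strip_write "$tree"
echo "after:  $(count_writable "$tree") writable entries"
echo "script: $(mode_of "$tree/install script.pl")"
rm -rf "$tree"
```

Unlike a blanket chmod 0644 on every file, the symbolic mode keeps the execute bit on scripts that need it.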
