in reply to
Re: Malware on CPAN
in thread Malware on CPAN
Frankly, Win* || MacOS & !OSX have done their best to sheild users from the underlying processes since day 1. It's hard to point fingers at any perl module for attempting to align itself with the OS's policy.
As security goes; the only real-life issue I can ever see actually arising -- which is fairly trivial, would be a case of "DNS cache poisoning" coming from the use some NET::, or DNS:: module. Of course, that also requires the module to be installed globally as root, and for the system to be running an Authoritive DNS service locally. Best practices; keep the cache life very short.
Which brings me to those ^evil^ Win* module writers -- 2 issues:
1) Notepad has been able to read/write LF line endings since WinNT version 4
(cat(1)||awk(1) && sed(1) will correct this for *NIX users).
2) Permissions, eg; 0777. Again, *NIX users have a large toolbox, and can perform the following:
# first, the folders
find . -type d -print | while read i
chmod 0755 $i
# now, the files
find . -type f -print | while read i
chmod 0644 $i
# a variation using ls(1) could also have been employed
All, and all; DO examine the source before making && installing. You'd be surprised how much you can learn -- even from the routines included within the source. :)
my $perl_version( 5.12.4 );