I've never heard of any malware, but I do worry, especially when running cpan as root. The most noticed unfounded worry for me, is seeing in some modules, written on Windows I presume, files that unpack on Linux in mode 777, executable by anyone. Many of these files are just text files, but they could be sprinkled with bash commands. Nothing has ever happened though, so I don't worry much, but I shudder every time I see them in an unpacked module.

Another worry I have, although may be unfounded, is that the network security engineers could set up a system where they switch a good download, with one loaded with some malware, through some temporary DNS chicanery. This would not be CPAN's fault. In this new age of cyber-warfare, I wouldn't put it past the various agencies to try it.

Of course, I always download and build all modules as an underprivileged user, then after inspection, install as root, or even better install to the user's home directory with local::lib.

If you want my honest opinion, the biggest source of network related insecurity comes from downloading the numerous precompiled binary libraries and executables, which the various distributions provide. I always compile myself. You should also compile your own kernel and possibly use something like SELinux.

I went through a lot of worrying about this 10 years ago, but then I realized that it was a waste of time. What is your computer used for? If it's just a personal computer, not involved in any secret activity, the risk of invasion is so small, that the time it takes to run REAL security is too high related to the risk. If some evil agency wants to get access to your computer, they have easier ways than using CPAN or RPMs. 99% of all security compromises come from within your own circle of trust. A co-worker, a girlfriend, etc. who you allow to use the computer are almost always the culprit. You have to watch out for people with USB-Memory-Sticks. :-) They can boot your computer with an on-key OS, and do whatever they want.


I'm not really a human, but I play one on earth.
Old Perl Programmer Haiku ................... flash japh

In reply to Re: Malware on CPAN by zentara
in thread Malware on CPAN by Anonymous Monk
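
The inspection step mentioned in the post above can start before anything is unpacked, by reading the permission bits recorded in the distribution tarball. The following is an added example, not part of the original post or of any CPAN tooling; the `Foo-Bar-0.01` archive is constructed in memory for the demonstration and the function names are hypothetical.

```python
import io
import stat
import tarfile


def build_sample_tarball() -> bytes:
    """Constructed sample: a fake distribution packed with sloppy modes."""
    members = [
        ("Foo-Bar-0.01/lib/Foo/Bar.pm", 0o644, b"package Foo::Bar; 1;\n"),
        ("Foo-Bar-0.01/README", 0o777, b"Just a text file.\n"),
        ("Foo-Bar-0.01/Changes", 0o777, b"#!/bin/sh\necho hello\n"),
    ]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, mode, data in members:
            info = tarfile.TarInfo(name)
            info.mode = mode
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def audit_tarball(blob: bytes):
    """Return (name, octal mode, reasons) for regular files with risky modes."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:*") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            reasons = []
            if member.mode & stat.S_IWOTH:
                reasons.append("world-writable")
            if member.mode & 0o111:
                # An executable bit matters most when the content is a script.
                head = tar.extractfile(member).read(2)
                if head == b"#!":
                    reasons.append("executable with shebang")
                else:
                    reasons.append("executable, no shebang")
            if reasons:
                findings.append((member.name, oct(member.mode), reasons))
    return findings


if __name__ == "__main__":
    for name, mode, reasons in audit_tarball(build_sample_tarball()):
        print(f"{mode:>7}  {name}: {', '.join(reasons)}")
```

Run as the same unprivileged user that does the build, against the downloaded archive's bytes instead of the constructed sample.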
