Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl Monk, Perl Meditation
 
PerlMonks  

Re: Malware on CPAN

by thomas895 (Hermit)
on Jun 20, 2012 at 21:50 UTC ( #977482=note: print w/ replies, xml ) Need Help??


in reply to Malware on CPAN

It's called reading the code. Of course, everything can be abused in one way or another, but the trick is to avoid sketchy modules and suspicious authours.
If you are truly paranoid, use a VM image and install it on that to see if it does anything malicious.

Also, while the binary packages for your system can be useful, it's sometimes best to avoid them. On openSUSE, if you become part of the build service, you can upload what you have compiled from the CPAN(for example), with your own malicious tweaks. Of course, that is one way to get nasty emails and negative "internetz". ;-)
As a security precaution, I only use the official repos, which contain tested and verified software. Of course, nothing is guaranteed, and it's always possible something slipped through. Generally, however, I do not use the home:* repos.

~Thomas~
confess( "I offer no guarantees on my code." );


Comment on Re: Malware on CPAN
Download Code

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://977482]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others about the Monastery: (4)
As of 2014-09-23 05:44 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    How do you remember the number of days in each month?











    Results (210 votes), past polls