# from Ken Williams # on Monday 22 September 2008 13:45: >> (a) Have CPAN and CPANPLUS refuse to run 'perl *.PL' if the PL in >> question is world writable. > >That wouldn't completely solve the problem, since someone could >quickly rewrite *.PL and change it to non-writable status. Note that >a world-writable top-level directory also has the same problem (or in >some cases, only one or the other situation has the problem).
Would that "tracks-covering chmod" not require *ownership* of the file? # from David Golden on Monday 22 September 2008 13:00: >>(b) Have CPAN and CPANPLUS not preserve mode permissions even for >>root; that's "--no-same-permissions") for tar or $Archive::Tar::CHMOD >> = 0 for Archive::Tar. I presume there's a comparable thing for zip >>archives. That leaves it up to the users umask setting. Yes. Would someone please explain to me how this issue is not already made a mostly non-issue by having a proper umask and running CPAN as non-root? Thanks, Eric -- "Time flies like an arrow, but fruit flies like a banana." --Groucho Marx --------------------------------------------------- http://scratchcomputing.com ---------------------------------------------------