# from Ken Williams
# on Monday 22 September 2008 13:45:
>> (a) Have CPAN and CPANPLUS refuse to run 'perl *.PL' if the PL in
>> question is world writable.
>
>That wouldn't completely solve the problem, since someone could
>quickly rewrite *.PL and change it to non-writable status. Note that
>a world-writable top-level directory also has the same problem (or in
>some cases, only one or the other situation has the problem).
Would that "tracks-covering chmod" not require *ownership* of the file?
# from David Golden on Monday 22 September 2008 13:00:
>>(b) Have CPAN and CPANPLUS not preserve mode permissions even for
>>root; that's "--no-same-permissions") for tar or $Archive::Tar::CHMOD
>> = 0 for Archive::Tar. I presume there's a comparable thing for zip
>>archives. That leaves it up to the users umask setting.
Yes. Would someone please explain to me how this issue is not already
made a mostly non-issue by having a proper umask and running CPAN as
non-root?
Thanks,
Eric
--
"Time flies like an arrow, but fruit flies like a banana."
--Groucho Marx
---------------------------------------------------
http://scratchcomputing.com
---------------------------------------------------
