On Monday 22 September 2008 15:23:44 Eric Wilhelm wrote: > Yes. Would someone please explain to me how this issue is not already > made a mostly non-issue by having a proper umask and running CPAN as > non-root?
If I were so inclined and had access to your machine, I could do a lot of damage through such a mechanism without root access. As Ovid suggested, though, it's a less attractive attack vector than, say, SQL injection or XSS. -- c