Hi all,
I'm smoke-testing the CPAN distributions using CPAN::YACSmoke, in an
under-privileged user. Now I'm using Mandriva Cooker and have msec running,
and, as a result, am getting warnings that I have world-writable files in the
directories where the CPAN modules were built:
{{{{{{{{{{{{
Security Warning: World Writable files found :
- /home/cpan/.cpanplus/5.10.0/build/Acme-EyeDrops-1.54/Changes
- /home/cpan/.cpanplus/5.10.0/build/Acme-EyeDrops-1.54/LICENSE
- /home/cpan/.cpanplus/5.10.0/build/Acme-EyeDrops-1.54/MANIFEST
- /home/cpan/.cpanplus/5.10.0/build/Acme-EyeDrops-1.54/META.yml
- /home/cpan/.cpanplus/5.10.0/build/Acme-EyeDrops-1.54/Makefile.PL
- /home/cpan/.cpanplus/5.10.0/build/Acme-EyeDrops-1.54/README
.
.
.
- /home/cpan/.cpanplus/5.10.0/build/HTML-Scrubber-0.08/Changes
- /home/cpan/.cpanplus/5.10.0/build/HTML-Scrubber-0.08/LICENSE
- /home/cpan/.cpanplus/5.10.0/build/HTML-Scrubber-0.08/MANIFEST
- /home/cpan/.cpanplus/5.10.0/build/HTML-Scrubber-0.08/MANIFEST.SKIP
- /home/cpan/.cpanplus/5.10.0/build/HTML-Scrubber-0.08/META.yml
- /home/cpan/.cpanplus/5.10.0/build/HTML-Scrubber-0.08/Makefile.PL
- /home/cpan/.cpanplus/5.10.0/build/HTML-Scrubber-0.08/README
.
.
.
}}}}}}}}}}}}
Some of these are -rw-rw-rw permissions in the .tar archive, but some are also
files that are made world-writable by running code. Here are some of my bug
reports:
* http://rt.cpan.org/Ticket/Display.html?id=39038
* http://rt.cpan.org/Ticket/Display.html?id=39037
* http://rt.cpan.org/Ticket/Display.html?id=39035
I would like to brainstorm about possible ways to deal with this problem.
Regards,
Shlomi Fish
-----------------------------------------------------------------
Shlomi Fish http://www.shlomifish.org/
Stop Using MSIE - http://www.shlomifish.org/no-ie/
Shlomi, so what are you working on? Working on a new wiki about unit testing
fortunes in freecell? -- Ran Eilam
