On Mon, Sep 22, 2008 at 3:00 PM, David Golden <[EMAIL PROTECTED]> wrote: > Problem 1: race condition between unarchiving and execution if > Makefile.PL or Build.PL is world writable (ditto test files as well) > > (a) Have CPAN and CPANPLUS refuse to run 'perl *.PL' if the PL in > question is world writable.
That wouldn't completely solve the problem, since someone could quickly rewrite *.PL and change it to non-writable status. Note that a world-writable top-level directory also has the same problem (or in some cases, only one or the other situation has the problem). -Ken