* On Sun, Sep 28 2008, Cosimo Streppone wrote: > Hi! > > I don't know if I really understand the entire > "world-writable files" security hole. > > Anyway, I think the average CPAN author doesn't > really know or care about that, sadly. > See also
FWIW, this is true. I have never thought about it. Personally, I am confused as to why users have programs that do whatever an input file from the Internet tells them to do. If you don't want your tar command to create world-writable files, you should probably tell your tar command to not create world-writable files... right? That is much easier than convincing every person on the Internet to do what you want. It is also easier than convincing every CPAN author to upgrade MakeMaker. Regards, Jonathan Rockway -- print just => another => perl => hacker => if $,=$"