Smylers wrote:
>> [1] "common carrier" is a legal idea from common US/UK law.  I don't
>> want to get into the legal mumbo jumbo because we're not lawyers, but
>> invoking the idea is useful and powerful.
> 
> OK, so you're talking about Cpan being something morally equivalent to a
> common carrier, rather than an actual common carrier in the legal sense?

Yes, because we are not lawyers I don't even want to approach arguing about
the legal definition.  But there is utility in the idea, as a line.  The idea
that the carrier is not responsible for the content.


> The Debian manpage for GNU tar documents this option:
> 
>   --no-same-permissions
>       apply umask to extracted files (the default for non-root users)
> 
> So umask would be ignored for Andreas above because he un-tar-ed as root
> (and I'm guessing you tried it as you, thereby not triggering the
> behaviour).

Yes, I don't even give myself root or su access to avoid accidentally
forgetting I'm logged in as root.  Everything is through sudo.


> Requiring root privs for the last step of installation is common, so I
> guess it's fairly common for some people to do all the steps as root
> (however inadvisable that is).

Well then those users are fucked another dozen ways.

I have lying around a prototype for the CPAN shell to warn the user when they
run it as root and offer to reconfigure itself to only su for the install.
That would help plug the hole.


-- 
"I went to college, which is a lot like being in the Army, except when
 stupid people yell at me for stupid things, I can hit them."
    -- Jonathan Schwarz
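
The tar behaviour discussed above, as an added example that is not part of the original message: it builds a constructed tarball holding a world-writable file, then extracts it once with `--same-permissions` (what root gets by default) and once with `--no-same-permissions`. The archive and file names are made up for the demo, and GNU tar and GNU stat are assumed.

```shell
#!/usr/bin/env bash
# Constructed demo of GNU tar permission handling on extraction.
# Demo-0.01 and Makefile.PL are made-up names, not from any real distribution.

# Build a tarball containing one world-writable file (mode 0666).
make_sample() {
    local work=$1
    mkdir -p "$work/src/Demo-0.01"
    echo 'print "hi\n";' > "$work/src/Demo-0.01/Makefile.PL"
    chmod 0666 "$work/src/Demo-0.01/Makefile.PL"
    tar -C "$work/src" -cf "$work/demo.tar" Demo-0.01
}

# Extract under umask 022 with the given tar flag; print the resulting mode.
extracted_mode() {
    local work=$1 flag=$2 out
    out=$(mktemp -d "$work/out.XXXXXX")
    ( umask 022; tar "$flag" -C "$out" -xf "$work/demo.tar" )
    stat -c '%a' "$out/Demo-0.01/Makefile.PL"
}

# Post-extraction check: list world-writable regular files under a directory.
world_writable() {
    find "$1" -type f -perm -0002
}

demo() {
    local work
    work=$(mktemp -d)
    make_sample "$work"
    # Root's default: archive modes are kept, umask is ignored.
    echo "--same-permissions:    $(extracted_mode "$work" --same-permissions)"
    # Non-root default: umask is applied to the archive modes.
    echo "--no-same-permissions: $(extracted_mode "$work" --no-same-permissions)"
    echo "world-writable files left behind:"
    world_writable "$work"
    rm -rf "$work"
}

demo
```

Passing `--no-same-permissions` explicitly gives root the same umask-filtered result a non-root user gets.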
