Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions

On Tuesday 23 September 2008, Eric Wilhelm wrote: > # from chromatic > > # on Monday 22 September 2008 17:37: > >> Yes.  Would someone please explain to me how this issue is not > >> already made a mostly non-issue by having a proper umask and running > >> CPAN as non-root? > > > >If I were so incl

Re: New CPAN Testers Reports site

On Mon, Sep 22, 2008 at 7:08 AM, David E. Wheeler <[EMAIL PROTECTED]> wrote: > On Sep 20, 2008, at 00:29, Barbie wrote: > >> See http://use.perl.org/~barbie/journal/37496 for all the gory details. > > Barbie++ # Thank you! More Barbie++ BTW you could double the that way Firefox will offer bo

Re: running cpan as a nobody

* Eric Wilhelm <[EMAIL PROTECTED]> [2008-09-23 07:45]: > And anyway, having to reinstall something which is > widely mirrored on the internet sure beats having to > recover your own files (which, presumably are not.) Yes, sure. But it might still mean a machine is off the air for unplanned mainten

Re: running cpan as a nobody

# from Aristotle Pagaltzis # on Monday 22 September 2008 21:53: >> Don't run them as yourself either then! > >I don’t like my module library disappearing *either*. Yes, but if you set your umask, then the arbitrary code in question is on the CPAN and can be taken down from there. (That's the 'f

Re: running cpan as a nobody

* Eric Wilhelm <[EMAIL PROTECTED]> [2008-09-23 06:35]: > Don't run them as yourself either then! I don’t like my module library disappearing *either*. Regards, -- Aristotle Pagaltzis //

Re: running cpan as a nobody

# from Aristotle Pagaltzis # on Monday 22 September 2008 18:30: >Note that while running CPAN as non-root is a good idea because >it reduces the surface area of any exploits, it doesn’t make them >a non-issue. I would prefer my homedir not to vanish, thank you >very much. Don't run them as yourse

Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions

# from David Golden # on Monday 22 September 2008 19:56: >On Mon, Sep 22, 2008 at 6:23 PM, Eric Wilhelm wrote: >> Yes.  Would someone please explain to me how this issue is not >> already made a mostly non-issue by having a proper umask and running >> CPAN as non-root? > >Someone in the thread (s

Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions

# from chromatic # on Monday 22 September 2008 17:37: >> Yes.  Would someone please explain to me how this issue is not >> already made a mostly non-issue by having a proper umask and running >> CPAN as non-root? > >If I were so inclined and had access to your machine, I could do a lot > of damage

Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions

On Mon, Sep 22, 2008 at 6:23 PM, Eric Wilhelm <[EMAIL PROTECTED]> wrote: > Yes. Would someone please explain to me how this issue is not already > made a mostly non-issue by having a proper umask and running CPAN as > non-root? Someone in the thread (sorry, forget who and I'm not going to search

Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions

On Mon, Sep 22, 2008 at 5:23 PM, Eric Wilhelm <[EMAIL PROTECTED]> wrote: > > Would that "tracks-covering chmod" not require *ownership* of the file? According to the man page for chmod(1), yes, but on Win32 doesn't a world-writable file mean it's world-replaceable too? In any case, I was also try

Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions

On Monday 22 September 2008 15:23:44 Eric Wilhelm wrote: > Yes.  Would someone please explain to me how this issue is not already > made a mostly non-issue by having a proper umask and running CPAN as > non-root? If I were so inclined and had access to your machine, I could do a lot of damage th

Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions

* Eric Wilhelm <[EMAIL PROTECTED]> [2008-09-23 00:30]: > Would someone please explain to me how this issue is not > already made a mostly non-issue by having a proper umask and > running CPAN as non-root? Note that while running CPAN as non-root is a good idea because it reduces the surface area o

Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions

# from Ken Williams # on Monday 22 September 2008 13:45: >> (a) Have CPAN and CPANPLUS refuse to run 'perl *.PL' if the PL in >> question is world writable. > >That wouldn't completely solve the problem, since someone could >quickly rewrite *.PL and change it to non-writable status.  Note that >a

Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions

--- On Mon, 22/9/08, Shlomi Fish <[EMAIL PROTECTED]> wrote: > http://rt.cpan.org/Ticket/Display.html?id=39516 > > Please don't keep it more public than it is already > until there's a good fix. Why not? I am completely at a loss here. You have not addressed the fundamental issue. If a malicio

Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions

On Mon, Sep 22, 2008 at 3:00 PM, David Golden <[EMAIL PROTECTED]> wrote: > Problem 1: race condition between unarchiving and execution if > Makefile.PL or Build.PL is world writable (ditto test files as well) > > (a) Have CPAN and CPANPLUS refuse to run 'perl *.PL' if the PL in > question is world

Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions

[Copying Andreas, Jos, Schwern and the Module::Build list] Well, I'm not sure that escalating to Securiteam at this point was necessary given the low overall risk of the threat, but let's set that aside and find some agreement on closing the hole. Here are my thoughts on some of the problems/opti

Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions

Hi all. Note to "Securiteam": there's a link to the possible security problem report at the bottom. On Monday 22 September 2008, chromatic wrote: > On Monday 22 September 2008 08:41:31 Michael G Schwern wrote: > > Shlomi Fish wrote: > > > Let's suppose Makefile.PL is world-writable. While the di

Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions

Michael Peters wrote: > You're right. If they are a malicious user then they will find a way to > screw you. I'm just saying that since we know about this path, let's > eliminate it, or at least make it public and known. I agree with that. The part I object to in the OP is the part where CPAN Tes

Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions

On Mon, Sep 22, 2008 at 04:24:27PM +0300, Shlomi Fish wrote: > World-writable files are a security risk and the CPAN shell should refuse to > test the distribution if they exist. A security conscious admin won't install > such modules if they generate world-writable files. As such, one should no

Re: stowpan (was Dealing with World-writable Files ...)

# from Michael Peters # on Monday 22 September 2008 09:24: >> Correct me if I've misunderstood something, but if you have a >> malicious user on your box, I would assume that them trying to >> attack a CPAN install process is the least of your worries. > >You're right. If they are a malicious user

Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions

On Mon, Sep 22, 2008 at 03:40:17PM +0300, Shlomi Fish wrote: > My suggestion for resolving this is to modify the smoking modules so, after > the archive is unpacked (with a proper umask and arguments to tar), they will > traverse the directory tree and look for any world-writable files. If any a

Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions

Ovid wrote: Correct me if I've misunderstood something, but if you have a malicious user on your box, I would assume that them trying to attack a CPAN install process is the least of your worries. You're right. If they are a malicious user then they will find a way to screw you. I'm just sayin

Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions

--- On Mon, 22/9/08, Michael Peters <[EMAIL PROTECTED]> wrote: > Say I'm using a CPAN module that I've vetted before > and know the code is not going to do something > malicious. If I don't know that world writeable files > are a problem or that this module contains > them (because there aren't

Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions

Michael G Schwern wrote: Some malicious user, who has somehow gotten an account on your machine, and can see inside your .cpanplus build directory (which he shouldn't because it should only be readable by you), might at just the right exact moment when you're about to run THE ALREADY UNTRUSTED C

Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions

Michael G Schwern wrote: > Shlomi Fish wrote: >>> * What is the problem with world writeable files in a distro? >> Let's suppose Makefile.PL is world-writable. While the distro is being >> unpacked, a malicious user writes something like: >> >> {{{ >> system('rm -fr $HOME'); >> }}} >> >> to it, and

Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions

On Monday 22 September 2008 08:41:31 Michael G Schwern wrote: > Shlomi Fish wrote: > > Let's suppose Makefile.PL is world-writable. While the distro is being > > unpacked, a malicious user writes something like: > > > > {{{ > > system('rm -fr $HOME'); > > }}} > > > > to it, and after you come to

Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions

Shlomi Fish wrote: >> * What is the problem with world writeable files in a distro? > > Let's suppose Makefile.PL is world-writable. While the distro is being > unpacked, a malicious user writes something like: > > {{{ > system('rm -fr $HOME'); > }}} > > to it, and after you come to the "perl Ma

Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions

On Mon, Sep 22, 2008 at 9:24 AM, Shlomi Fish <[EMAIL PROTECTED]> wrote: > Well, it does. However, hardly anyone pays any attention to CPANTS, and it's > out there in the background, and hardly influences the general perception of > the module. As an aside, if the core Kwalitee metrics are sufficie

Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions

On Monday 22 September 2008, David Golden wrote: > On Mon, Sep 22, 2008 at 8:40 AM, Shlomi Fish <[EMAIL PROTECTED]> wrote: > > My suggestion for resolving this is to modify the smoking modules so, > > after the archive is unpacked (with a proper umask and arguments to tar), > > they will traverse t

Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions

On Mon, Sep 22, 2008 at 8:40 AM, Shlomi Fish <[EMAIL PROTECTED]> wrote: > My suggestion for resolving this is to modify the smoking modules so, after > the archive is unpacked (with a proper umask and arguments to tar), they will > traverse the directory tree and look for any world-writable files.

[RFC] Dealing with World-writable Files in the Archive of CPAN Distributions

Hi all. Today, after I invoked my CPAN smoker for a while, I received another msec (Mandriva Security) report with many world-writable files in the CPAN distributions that were left unpacked under /home/cpan/.cpanplus . Among the gems there are: /home/cpan/.cpanplus/5.10.0/build/Data-Dump

Re: New CPAN Testers Reports site

On 22 Sep 2008, at 05:08, David E. Wheeler wrote: On Sep 20, 2008, at 00:29, Barbie wrote: See http://use.perl.org/~barbie/journal/37496 for all the gory details. Barbie++ # Thank you! Seconded. Thanks so much! -- Andy Armstrong, Hexten