On Tuesday, 2002-01-22 at 01:11:18 +0100, Christian Jaeger wrote: > (BTW a somewhat similar problem (but not debian specific) exists with > the perl CPAN module build process: -MCPAN is designed to work as > root. It downloads the tarball, extracts it (with the user/group that > the author packed them) as root, thus you are left with files > belonging to random system users. -MCPAN doesn't take any precautions > to protect the .cpan/build/ folder, thus with a bit luck some user on > the system can modify the unpacked files before they are > built/installed by root.)
You do not need to run the CPAN build process as root. You *mey* need the root account to install the packages (which, I admit, is conveniently done from the CPAM.pm module). Now, if your site specific CPAN directories do not belong to root, you don't need even that. However, if then other perl library directories *are* owned by root, you have trouble with new versions of Perl Core modules - perl will always pick the old ones in the system library directories because of the standard @INC. Should those directories be owned by a "perl owner" use in Debian to prevent possible exploits from Perl modules? It's easy to catch somebody unawares from a Makefile.PL. Lupe Christoph -- | [EMAIL PROTECTED] | http://free.prohosting.com/~lupe | | I have challenged the entire ISO-9000 quality assurance team to a | | Bat-Leth contest on the holodeck. They will not concern us again. | | http://public.logica.com/~stepneys/joke/klingon.htm | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
