Sam Tregar wrote:
>
> On Fri, 18 Aug 2000, Graham Barr wrote:
> > So it is a security issue then as it needs somewhere to cache these
> > object files, and anyone must be able to do it.
>
> The place it stores its objects is configurable, so it's only a security
> problem if you make it one! I'd say its more a configuration problem
> since you need to carefully think about where that place should be and set
> the appropriate permissions.
Again, extension modules using Inline install their executable code in
$Config{installsitearch} *only*. Only the sysadmin can install there,
presumably.
For normal users writing scripts, the executables will get installed
under the first one of the following places that is a valid directory
and is writable:
- $ENV{PERL_INLINE_BLIB}
- $ENV{HOME}/.blib_I/
- $ENV{HOME}/blib_I/
- $bin/blib_I/
(where $bin is the script directory returned by FindBin.pm)
- ./blib_I/
- /tmp/blib_I/
If none of those exist, Inline will attempt to mkdir one of following:
- $bin/blib_I/
- ./blib_I/
Failing that, Inline will croak. Of course the user can directly specify
the install location as well, using Inline::Config.
I can see that /tmp/blib_I/ could be a security hole and should probably
be removed. Other than that it seems secure. If I'm missing something,
please let me know. (In detail)
Brian
[EMAIL PROTECTED]
