Re: [RFC] Dealing with World-writable Files in the Archive of CPANDistributions

Ovid wrote:

> Correct me if I've misunderstood something, but if you have a malicious user on your box, I would assume that them trying to attack a CPAN install process is the least of your worries. 

You're right. If they are a malicious user then they will find a way to screw you. I'm just saying 
that since we know about this path, let's eliminate it, or at least make it public and known.

>  This is a CPANTS issue.

I agree.

-- 
Michael Peters
Plus Three, LP

• [RFC] Dealing with World-writable Files in the Archive of CPANDistributions by Shlomi Fish
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by David Cantrell
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by David Golden
• Re: [RFC] Dealing with World-writable Files in the Archive of CPANDistributions by Shlomi Fish
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by David Cantrell
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by David Golden
• Re: [RFC] Dealing with World-writable Files in the Archive of CPANDistributions by Michael G Schwern
• Re: [RFC] Dealing with World-writable Files in the Archive of CPANDistributions by Michael G Schwern
• Re: [RFC] Dealing with World-writable Files in the Archive of CPANDistributions by Michael Peters
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by Ovid
• Re: [RFC] Dealing with World-writable Files in the Archive of CPANDistributions by Michael Peters
• Re: [RFC] Dealing with World-writable Files in the Archive of CPANDistributions by Michael G Schwern
• Re: stowpan (was Dealing with World-writable Files ...) by Eric Wilhelm
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by chromatic
• Re: [RFC] Dealing with World-writable Files in the Archive of CPANDistributions by Shlomi Fish
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by Ovid
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by David Golden
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by andreas.koenig.7os6VVqR
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by andreas.koenig.7os6VVqR
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by David Cantrell
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by Jos I. Boumans
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by andreas.koenig.7os6VVqR
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by demerphq
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by Ken Williams
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by Eric Wilhelm
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by David Golden
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by Eric Wilhelm
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by Ken Williams
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by chromatic
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by Eric Wilhelm
• Re: [RFC] Dealing with World-writable Files in the Archive of CPANDistributions by Shlomi Fish
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by Ovid
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by Smylers
• Re: [RFC] Dealing with World-writable Files in the Archive of CPANDistributions by Shlomi Fish
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by Eric Wilhelm
• Re: [RFC] Dealing with World-writable Files in the Archive of CPANDistributions by Shlomi Fish
• Re: Archive::Tar does not behave like gnu tar by Eric Wilhelm
• Re: Archive::Tar does not behave like gnu tar by David Golden
• Re: Archive::Tar does not behave like gnu tar by Eric Wilhelm
• Re: Archive::Tar does not behave like gnu tar by David Cantrell
• Re: Archive::Tar does not behave like gnu tar by David Golden
• Re: Archive::Tar does not behave like gnu tar by David Cantrell
• Re: Archive::Tar does not behave like gnu tar by David Golden
• Re: Archive::Tar does not behave like gnu tar by Eric Wilhelm
• Re: Archive::Tar does not behave like gnu tar by David Cantrell
• Re: Archive::Tar does not behave like gnu tar by David Golden
• Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions by Eric Wilhelm
• Re: [RFC] Dealing with World-writable Files in the Archive of CPANDistributions by Shlomi Fish
• Re: [RFC] Dealing with World-writable Files in the Archive of CPANDistributions by Aristotle Pagaltzis
• Re: running cpan as a nobody by Eric Wilhelm
• Re: running cpan as a nobody by Aristotle Pagaltzis
• Re: running cpan as a nobody by Eric Wilhelm
• Re: running cpan as a nobody by Aristotle Pagaltzis