develooper Front page | perl.perl5.porters | Postings from November 2016

Re: Net::Ping and sudo

Thread Previous | Thread Next
Andy Dougherty
November 2, 2016 14:26
Re: Net::Ping and sudo
Message ID:
On Wed, Nov 02, 2016 at 12:37:07PM +0000, Dave Mitchell wrote:
> A recent pull into blead of Net::Ping from CPAN (which is under dist/, but
> Reini seems to be pushing new versions to CPAN) has added code to
> t/500_ping_icmp.t that says: "if not running as root, try re-executing the
> script under sudo, but quietly skip if sudo doesn't succeed".
> This has two issues: firstly, I now get an angry local email when running
> 'make test':
>     To:
>     Subject: *** SECURITY information for robin ***
>     Message-Id: <>
>     robin : Nov  2 12:22:01 : davem : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/da
>     vem/perl5/git/bleed/dist/Net-Ping ; USER=root ; COMMAND=/home/davem/perl5/git/bl
>     eed/perl -I../../lib t/500_ping_icmp.t
> which is annoying.
> Secondly, I think people would find it unexpected for a perl test script
> to be run as root when 'make test' has been invoked as a normal user.  To
> a certain extent you could say that people using an account set up so that
> it can sudo to root and run any command without needing a password,
> deserve anything they get anyway.
> In either case, I think we should remove the sudo from this test script.

I strongly agree on both counts.  Consider too the case where the
person running 'make test' is *not* also postmaster for root, but
instead has to now explain to the system administrator why those angry
messages are showing up in his/her mailbox.

Also, in the default configuration (at least on Debian) sudo will
cache credentials for 15 minutes, so it might not need a password.
I regard it as very impolite for the perl test suite to attempt to
invoke sudo on my behalf without giant warning flags going up first.

    Andy Dougherty

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About