develooper Front page | perl.perl5.porters | Postings from November 2016

Re: Net::Ping and sudo

Thread Previous | Thread Next
From:
Leon Timmermans
Date:
November 2, 2016 20:58
Subject:
Re: Net::Ping and sudo
Message ID:
CAHhgV8jVfEXVBD5dimYYSb6QVDsyTKAbQrV8TrU4r5xw9sapaw@mail.gmail.com
On Wed, Nov 2, 2016 at 11:26 AM, Andy Dougherty <doughera@lafayette.edu>
wrote:

> On Wed, Nov 02, 2016 at 12:37:07PM +0000, Dave Mitchell wrote:
> > A recent pull into blead of Net::Ping from CPAN (which is under dist/,
> but
> > Reini seems to be pushing new versions to CPAN) has added code to
> > t/500_ping_icmp.t that says: "if not running as root, try re-executing
> the
> > script under sudo, but quietly skip if sudo doesn't succeed".
> >
> > This has two issues: firstly, I now get an angry local email when running
> > 'make test':
> >
> >     To: root@iabyn.com
> >     Subject: *** SECURITY information for robin ***
> >     Message-Id: <20161102122201.16A7B240D0E@iabyn.com>
> >
> >     robin : Nov  2 12:22:01 : davem : user NOT in sudoers ; TTY=pts/1 ;
> PWD=/home/da
> >     vem/perl5/git/bleed/dist/Net-Ping ; USER=root ;
> COMMAND=/home/davem/perl5/git/bl
> >     eed/perl -I../../lib t/500_ping_icmp.t
> >
> > which is annoying.
> >
> > Secondly, I think people would find it unexpected for a perl test script
> > to be run as root when 'make test' has been invoked as a normal user.  To
> > a certain extent you could say that people using an account set up so
> that
> > it can sudo to root and run any command without needing a password,
> > deserve anything they get anyway.
> >
> > In either case, I think we should remove the sudo from this test script.
>
> I strongly agree on both counts.  Consider too the case where the
> person running 'make test' is *not* also postmaster for root, but
> instead has to now explain to the system administrator why those angry
> messages are showing up in his/her mailbox.
>
> Also, in the default configuration (at least on Debian) sudo will
> cache credentials for 15 minutes, so it might not need a password.
> I regard it as very impolite for the perl test suite to attempt to
> invoke sudo on my behalf without giant warning flags going up first.


+1

Leon
Thread Previous | Thread Next

nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About