Subject: | Running as root detection and optional correction. |
As I mentioned on perl-qa, it is insecure to run the CPAN shell as root.
Instead, only the install process should be run as root. CPAN.pm has
facilities to do this but many folks don't know about it.
It would be nice if the CPAN shell issued a warning if run as root, just
once. It would then offer to reconfigure itself to work as a regular
user and use sudo (or whatever works) as appropriate. Included would be
instructions (or if possible just do it automatically) on how to fix the
.cpan file permissions to work with a regular user.
If the user rejects this, it will not nag them about it again (it'll
flip a toggle in the CPAN config). But now no one can blame us for not
trying to fix their security hole.
How does that sound? That'll close a huge gaping hole in user-end security.
I've included a little prototype program to show the user interaction.
Subject: | cpan_root_detect.plx |
Message body not shown because it is not plain text.