[suse-security] Creating non-root perl owner to run CPAN
There are a number of Linux language packages
that are self-extending, such as Perl, Python, and R.
For example, installing the BioConductor package
is easiest from within R, just run R,
source a URL to download the script,
then run the function thus created.
Lots happens, and hey presto, a new R library!
Traditionally everything is owned and maintained by root,
but being a sysadmin (paid professional paranoid)
I created a user "rowner" and group "rusers"
and "chown -R" the R base directory "/usr/lib/R".
Now I su to rowner before doing the above,
and the system is isolated from any malicious code
somewhere in R's contributed package libraries.
So much for a language I don't know (or like or trust).
What about the language I do know, love and trust, Perl?
Su to root, set dependencies to "follow", run CPAN,
"install Bundle::Evil::RootKit" and go have a cup of coffee...
There's an awful lot of libraries and contributors...
Do I trust them all? Historically I've effectively said,
"Of course! Anyone who hacks Perl has to be a good-guy!"
Well, history aside, maybe it's not such a good idea;
what do people think of using the R strategy
for all self-extending languages?
Michael James michael.james@xxxxxxxx
System Administrator voice: 02 6246 5040
CSIRO Bioinformatics Facility fax: 02 6246 5166
No matter how much you pay for software,
you always get less than you hoped.
Unless you pay nothing, then you get more.
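
The dedicated-owner setup described in the post, plus a check that the tree is still cleanly owned after package installs. This is an added example, not part of the original message; the function names `setup_lang_owner` and `audit_lang_tree` are hypothetical, and the setup assumes the standard `groupadd`/`useradd` tools.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# One-time setup, run as root. With the post's values this would be:
#   setup_lang_owner rowner rusers /usr/lib/R
setup_lang_owner() {
    owner=$1; group=$2; tree=$3
    groupadd "$group" &&
    useradd -m -g "$group" "$owner" &&
    chown -R "$owner:$group" "$tree"
}

# Print every entry under TREE that weakens the isolation and return 1
# if any is found:
#   - not owned by the dedicated owner (e.g. something installed as root)
#   - world-writable (symlinks skipped: their mode bits are not enforced)
#   - setuid or setgid regular file left behind by an installer
audit_lang_tree() {
    owner=$1; tree=$2
    bad=$(find "$tree" \( \
            ! -user "$owner" \
            -o \( ! -type l -perm -0002 \) \
            -o \( -type f \( -perm -4000 -o -perm -2000 \) \) \
          \) -print)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Stand-alone use: sh audit.sh rowner /usr/lib/R
if [ "$#" -eq 2 ]; then
    audit_lang_tree "$1" "$2"
fi
```

Running the audit as root after each install session shows whether anything was installed outside the dedicated account or left with loose permissions.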