Mailinglist Archive: opensuse-security (109 mails)

Creating non-root perl owner to run CPAN
  • From: Michael James <Michael.James@xxxxxxxx>
  • Date: Tue, 7 Mar 2006 16:01:44 +1100
  • Message-id: <200603071601.44818.Michael.James@xxxxxxxx>
There are a number of Linux language packages
that are self-extending, such as Perl, Python, and R.

For example, installing the BioConductor package
is easiest from within R, just run R,
source a URL to download the script,
then run the function thus created.
Lots happens, and hey presto, a new R library!

Traditionally everything is owned and maintained by root,
but being a sysadmin (paid professional paranoid)
I created a user "rowner" and group "rusers"
and "chown -R" the R base directory "/usr/lib/R".
Now I su to rowner before doing the above,
and the system is isolated from any malicious code
somewhere in R's contributed package libraries.

So much for a language I don't know (or like or trust).
What about the language I do know, love and trust, Perl?
Su to root, set dependencies to "follow", run CPAN,
"install Bundle::Evil::RootKit" and go have a cup of coffee...

There's an awful lot of libraries and contributors...
Do I trust them all? Historically I've effectively said,
"Of course! Anyone who hacks Perl has to be a good-guy!"

Well history aside, maybe it's not such a good idea;
what do people think of using the R strategy
for all self-extending languages?

michaelj

--
Michael James michael.james@xxxxxxxx
System Administrator voice: 02 6246 5040
CSIRO Bioinformatics Facility fax: 02 6246 5166

No matter how much you pay for software,
you always get less than you hoped.
Unless you pay nothing, then you get more.
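
An added example, not part of the original post: a POSIX shell check that a language tree handed to a dedicated account, as the message describes for "rowner" and "/usr/lib/R", is owned only by that account and carries no world-writable or setuid/setgid entries. The function name audit_tree and the finding labels are assumptions made for this example.

```shell
#!/bin/sh
# audit_tree DIR OWNER  (hypothetical helper, added for illustration)
# OWNER is a user name or numeric uid, e.g.: audit_tree /usr/lib/R rowner
# Prints one finding per line.
# Returns 0 if the tree is clean, 1 if there are findings, 2 on bad arguments.
audit_tree() {
    dir=$1
    owner=$2
    if [ ! -d "$dir" ] || [ -z "$owner" ]; then
        echo "usage: audit_tree DIR OWNER" >&2
        return 2
    fi
    findings=$(
        # Entries the "chown -R" missed, or that were later written by
        # another account (for example an install run as root).
        find "$dir" ! -user "$owner" -print | sed 's/^/wrong-owner /'
        # Entries any local user can modify; symlink modes are not meaningful.
        find "$dir" ! -type l -perm -0002 -print | sed 's/^/world-writable /'
        # Files that execute with the owner's or group's identity.
        find "$dir" -type f \( -perm -4000 -o -perm -2000 \) -print |
            sed 's/^/setid /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Running the check after each package installation shows whether an install was done under the wrong account or left unexpected permissions behind.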
