
Journal of cosimo (4138)

Saturday September 27, 2008
02:41 PM

PAUSE warning about world-writable files?

[ #37554 ]

Today I uploaded a proof-of-concept CPAN distribution I'm going to work on in the next weeks. It's called Imager-SkinDetector.

The PAUSE upload finished, and to my surprise, I received an indexer FAIL status. What? Why? The reason is that the distribution contains "world writable files".

Great. I'm probably the only one on Earth to not know, but... if you know some way to make them not writable on Windows, please tell me. Thanks!

  • This was a recent security hole fix for PAUSE/CPAN.

    On Windows, someone on the module-authors list found that they needed to rename their "tar" binary to "gnutar" and then create a tar.bat file that had this single line

    gnutar %* --owner=0 "--mode=0700"

    Andreas suggested that mode should really be 0755, so I'd suggest trying that first before falling back to 0700.

    -- dagolden

    • David, thanks for the tip.

      Frankly, I'm thinking that, like me, many CPAN authors that occasionally develop on Win32 will probably not know what's happening and how to fix it.

      Do we need to patch our build tools (EU::MM and friends)? I could help here. And yes, it will take ages for everyone to upgrade, I know, but still...

      • A patch to EU::MM would help. Then Andreas could have the Indexer warning point people to upgrade their EU::MM.

        -- David

    • I tried this hack, and it sort of works. I had to drop the --owner=0 part, or my tar.exe would complain about a non-existing owner.

      I ended up with:

      move c:\bin\tar.exe c:\bin\gnutar.exe
      vim c:\bin\tar.bat

      In tar.bat:

      @echo off
      c:\bin\gnutar.exe %* --mode=0755

      Uploaded the new Imager-SkinDetector 0.02 on CPAN and it was indexed correctly. Thanks!

  • See the recent threads on the perl-qa list, especially Dealing with World-writable Files in the Archive of CPAN Distributions [perl.org]. :)

  • Is this module just an excuse to assemble a collection of "sample images" for testing? ;)
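
A local pre-upload check for the condition the indexer rejected, as an added example (not code from PAUSE, the journal author, or the commenters): it lists archive members whose mode has the world-write bit set and repacks the tarball with the group/other write bits cleared, so 0777 becomes the 0755 suggested in the thread. The `Example-Dist-0.01` sample archive and all function names are constructed for illustration.

```python
import io
import tarfile

WORLD_WRITABLE = 0o002  # the "other" write permission bit

def world_writable_members(tar_bytes):
    """Return names of archive members whose mode has the world-write bit set."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        return [m.name for m in tar.getmembers() if m.mode & WORLD_WRITABLE]

def strip_world_writable(tar_bytes):
    """Repack as .tar.gz with group/other write bits cleared on every member."""
    out = io.BytesIO()
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as src, \
         tarfile.open(fileobj=out, mode="w:gz") as dst:
        for member in src.getmembers():
            member.mode &= ~0o022  # 0777 -> 0755, 0666 -> 0644
            # Only regular files carry a data stream; dirs and links do not.
            data = src.extractfile(member) if member.isreg() else None
            dst.addfile(member, data)
    return out.getvalue()

def build_sample():
    """Constructed sample archive containing world-writable entries."""
    out = io.BytesIO()
    with tarfile.open(fileobj=out, mode="w:gz") as tar:
        top = tarfile.TarInfo("Example-Dist-0.01")
        top.type = tarfile.DIRTYPE
        top.mode = 0o777
        tar.addfile(top)
        for name, mode, body in [
            ("Example-Dist-0.01/Makefile.PL", 0o666, b"use ExtUtils::MakeMaker;\n"),
            ("Example-Dist-0.01/lib/Example.pm", 0o644, b"package Example; 1;\n"),
        ]:
            info = tarfile.TarInfo(name)
            info.size = len(body)
            info.mode = mode
            tar.addfile(info, io.BytesIO(body))
    return out.getvalue()

if __name__ == "__main__":
    original = build_sample()
    print("before:", world_writable_members(original))
    fixed = strip_world_writable(original)
    print("after: ", world_writable_members(fixed))
```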