Slash Boxes
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
More | Login | Reply
Loading... please wait.
  • This was a recent security hole fix for PAUSE/CPAN.

    On Windows, someone on the module-authors list found that they needed to rename their "tar" binary to "gnutar" and then create a tar.bat file that had this single line

    gnutar %* --owner=0 "--mode=0700"

    Andreas suggested that mode should really be 0755, so I'd suggest trying that first before falling back to 0700.

    -- dagolden

    • David, thanks for the tip.

      Frankly, I'm thinking that, like me, many CPAN authors that occasionally develop on Win32 will probably not know what's happening and how to fix.

      Do we need to patch our build tools (EU::MM and friends?) I could help here. And yes, it will take ages for everyone to upgrade, I know, but still...

      • A patch to EU::MM would help. Then Andreas could have the Indexer warning point people to upgrade their EU::MM.

        -- David

    • I tried this hack, and it sort of works. I had to drop the --owner=0 part, or my tar.exe would complain about non existing owner.

      I ended up with:

      move c:\bin\tar.exe c:\bin\gnutar.exe
      vim c:\bin\tar.bat

      In tar.bat:

      @echo off
      c:\bin\gnutar.exe %* --mode=0755

      Uploaded the new Imager-SkinDetector 0.02 on CPAN and it was indexed correctly. Thanks!

  • See the recent threads on the perl-qa list, especially Dealing with World-writable Files in the Archive of CPANDistributions []. :)

  • Is this module just an excuse to assemble a collection of "sample images" for testing? ;)