
List:       perl-module-build
Subject:    Re: [RFC] Dealing with World-writable Files in the Archive of CPAN Distributions
From:       demerphq <demerphq () gmail ! com>
Date:       2008-11-13 10:00:02
Message-ID: 9b18b3110811130200y31d6b78fva298236ecf2821ba () mail ! gmail ! com

2008/9/30 Andreas J. Koenig <andreas.koenig.7os6VVqR@franz.ak.mind.de>:
>>>>>> On Tue, 23 Sep 2008 11:40:09 +0200, "Jos I. Boumans" <kane@cpan.org> said:
>
>  >> And so I have implemented it now. If it breaks too much in too short
>  >> time, we could probably revert it, but first I'd like to see how bad
>  >> we really do.
>
>  > I agree to this (first) solution; this will give us a good idea about
>  > the scope of the problem.
>
> I have watched the indexer for a week now. The scope is more than two
> uploads per day. These uploads got an email about world writable files
> or directories. I looked up their CPAN directories right now and based
> on the findings I have added the third column.
>
> 23-Sep  SEMUELF/Data-ParseBinary-0.07.tar.gz                fixed
> 26-Sep  GFUJI/warnings-unused-0.02.tar.gz               not fixed
> 26-Sep  STEFFENW/DBD-PO-0.10.tar.gz                     not fixed
> 26-Sep  STEFFENW/Bundle-DBD-PO-0.10.tar.gz              not fixed
> 26-Sep  AJDIXON/daemonise-1.0.tar.gz                    not fixed
> 26-Sep  RPHANEY/openStatisticalServices-0.015.tar.gz        fixed
> 26-Sep  RPHANEY/openStatisticalServices-0.018.tar.gz        fixed
> 27-Sep  COSIMO/Imager-SkinDetector-0.01.tar.gz              fixed
> 27-Sep  FAYLAND/Pod-From-GoogleWiki-0.06.tar.gz             fixed
> 28-Sep  DANNY/Rose-DBx-Object-Renderer-0.34.tar.gz      not fixed
> 28-Sep  MTHURN/WWW-Search-Ebay-2.244.tar.gz                 fixed
> 28-Sep  JSTROM/Tk-TextVi-0.014.tar.gz                   not fixed
> 28-Sep  JSTROM/Tk-TextVi-0.0141.tar.gz                  not fixed
> 29-Sep  MATTN/Net-Kotonoha-0.07.tar.gz                      fixed
> 29-Sep  MTHURN/WWW-Search-Ebay-Europe-2.002.tar.gz          fixed
> 29-Sep  ANGERSTEI/Net-Ping-Network-1.57.tar.gz          not fixed
> 29-Sep  RPHANEY/openStatisticalServices-0.019.tar.gz        fixed
>
> Congratulations to all authors who managed to fix their distros.
> If *you* are among them, please spread the word how you did it.

I fixed the issue for ExtUtils::Install by changing my Windows
permissions to be me only instead of Everyone. Also unclicked the
"inherit permissions from parent object" and used the advanced tab to
propagate the permissions to all children. No doubt I could have done
it with a command line tool, but I couldn't remember what it was
called.

Switching to CREATOR OWNER didn't work, nor did CREATOR GROUP.

Yves.


-- 
perl -Mre=debug -e "/just|another|perl|hacker/"
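
A pre-upload check for the condition this thread discusses, as an added example that is not part of the original message or of the CPAN indexer: it lists archive entries whose tar header mode has the world-writable bit set, and rewrites the archive with that bit cleared. The distribution name, file contents and function names are constructed for illustration.

```python
import io
import tarfile

WORLD_WRITABLE = 0o002  # "other" write bit in the tar header mode field


def world_writable_members(fileobj):
    """Return (name, mode) for every file or directory writable by 'other'."""
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        return [(m.name, m.mode) for m in tar
                if (m.isfile() or m.isdir()) and m.mode & WORLD_WRITABLE]


def strip_world_writable(src, dst):
    """Copy a tarball from src to dst (gzip), clearing o+w on every entry."""
    with tarfile.open(fileobj=src, mode="r:*") as tin, \
         tarfile.open(fileobj=dst, mode="w:gz") as tout:
        for m in tin:
            m.mode &= ~WORLD_WRITABLE
            # Only regular files carry a data payload to copy across.
            tout.addfile(m, tin.extractfile(m) if m.isfile() else None)


def build_sample():
    """Constructed sample: a dist packed where 'Everyone' had write access."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, mode, data in [
            ("Example-Dist-0.01", 0o777, None),  # directory entry
            ("Example-Dist-0.01/Makefile.PL", 0o666, b"use ExtUtils::MakeMaker;\n"),
            ("Example-Dist-0.01/lib/Example.pm", 0o644, b"package Example; 1;\n"),
        ]:
            info = tarfile.TarInfo(name)
            info.mode = mode
            if data is None:
                info.type = tarfile.DIRTYPE
            else:
                info.size = len(data)
            tar.addfile(info, io.BytesIO(data) if data is not None else None)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, mode in world_writable_members(build_sample()):
        print(f"{mode:04o}  {name}")
```

Rewriting the archive only repairs that one tarball; the next release built from the same working directory will carry the same modes unless the permissions on disk are fixed as described in the message above.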