sudo perl Makefile.PLStop using sudo here. It is of no benefit
Right.
and increases the attack surface.
How?
Makefile.PL comes from some stranger on the 'net. If you were really paranoid, that should be sufficient to simply delete it and stop installing any Perl modules. In the real world, we usually trust CPAN and run it without any checks. An attacker is limited only by your user privileges. With a sufficient amount of paranoia, you would use a dedicated, very restricted user account to build modules from CPAN, and verify all downloaded and all generated files.
Makefile.PL is expected to generate a Makefile, which is then parsed and executed by make. Still with user privileges, but it was generated by code you should not trust. Do you read it line by line or do you just run make? Again, an attacker is limited only by your user privileges. Hiding malicious behaviour in the generated Makefile instead of Makefile.PL might be creative, but has no advantage (i.e. increased attack surface).
Next step: Run the tests: make test. Essentially, nothing has changed.
Now what? You install your new module. Globally, for all users. Using sudo to gain root privileges: sudo make install. And at this point, you hand out the keys to your computer. Hiding malicious behaviour in the generated Makefile gains root privileges, with a default installation of sudo, this is typically unrestricted.
So, even with the default perl Makefile.PL && make && make test && sudo make install, any CPAN distribution may take over your computer.
Assuming I wanted to implement an attack, why should I bother checking if Makefile.PL was invoked accidentally with root privileges, if a few steps down the installation process I am guaranteed to get root privileges during installation? And of course, a working perl and probably also a working C compiler?
Code in Makefile.PL will ultimatively be executed with root privileges. Maybe not by perl, but by make or the shell. So I don't see how the attack surface could be larger than running code from the network.
Heck, if you want to run perl code as root, just invoke Makefile.PL from the Makefile and have it check for root privileges to switch between preparing the attack and attacking:
/tmp>cat Makefile.PL #!/usr/bin/perl use strict; use warnings; use autodie; if ($> == 0) { print "Say goodbye to it all ...\n"; exec "echo","rm","-rf","/"; } open my $out,'>','Makefile'; print $out <<'__magic__'; default: @echo All done test: @echo No tests install: perl Makefile.PL __magic__ close $out; /tmp>perl Makefile.PL /tmp>make All done /tmp>make test No tests /tmp>sudo make install Password: perl Makefile.PL Say goodbye to it all ... rm -rf / /tmp>
Yes, I'm completely ignoring any non-Unix system and per-user installations of perl. How much damage can a malicious Makefile.PL do without root privileges? rm -rf / invoked as non-root user will still ruin your day, but with more error messages.
Alexander
In reply to Re^2: When i am installing an Digest::SHA1 module i am getting an error like this so anyone can help on this.
by afoken
in thread When i am installing an Digest::SHA1 module i am getting an error like this so anyone can help on this.
by Anonymous Monk
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |