Re: Blatant security problem in certain CPAN module installs

My strategy for installing perl modules is to never do so as root, and to never modify /usr/bin/perl. I think that this strategy has now been vindicated!

You know, the danger doesn't lie during the perl Makefile.PL && make && make test && make install phase. It's easy to set up a perl-admin user and install perl, and perl modules, under that UID. Sure, the user can wipe out the Perl installation, but that's reasonable quickly restored. The danger lies when the installed modules actually get used - then they might run as priviledged users, users that have access to valuable data or services, or whatever.

Of course, that's a well known problem, and not at all Perl specific.

Abigail

Comment on Re: Blatant security problem in certain CPAN module installs

Replies are listed 'Best First'.
Re: Re: Blatant security problem in certain CPAN module installs by toma (Vicar) on May 03, 2004 at 15:48 UTC
I would agree that there is danger during the install and after the install. I don't agree that there is not an increased danger during the install if you are installing modules as root or modifying the version of perl that root uses. My primary concern is about attacks that are easy to automate, difficult to detect, and provide root access. So I don't install modules for root to use unless they have been reviewed. It is more difficult to exploit the capabilities of other users. Network usage, as sporty points out, is an example. This is relatively easy to detect, though. The only data that I can think of that would be accessible to non-root, consistent between machines, and valuable would be found in ms systems. I don't have very high expectations for security in the ms environment, though. It should work perfectly the first time! - toma	[reply]
Re: Blatant security problem in certain CPAN module installs by Abigail-II (Bishop) on May 03, 2004 at 16:13 UTC
I don't agree that there is not an increased danger during the install if you are installing modules as root or modifying the version of perl that root uses. That sounds obvious, until you rephrase it as "it's gives more security if you install modules as a non-root user". Sure, it might matter if no UID that can cause havoc ever runs the code of the modules installed, but if so, what would be the point of installing them? My point is that the danger doesn't stop that "make install", it's isn't that you can relax if you get a prompt back after typing "make install". That's only when trouble starts. The dangerous part of opening a lion cage isn't the act of opening the door - the danger only starts when the lion gets out of the cage. Abigail	[reply]
Re: Re: Blatant security problem in certain CPAN module installs by exussum0 (Vicar) on May 03, 2004 at 14:30 UTC
What if the make process spawns and backgrounds a ping -f on someone? From a t1, that could be quite annoying from a lot of different perspectives. Humma la beeba la seeba la booba la Humma la beeba la seeba la bop	[reply]