in reply to Re: Malware on CPAN
in thread Malware on CPAN

I know of 3 in the last 12 years which were quasi-fishy uploads with potential

Mostly its just tar permissions nonsense that linux folks complain to win32 folks -- PAUSE was updated to deal with that (withoutworldwritables)

There was one real phone-home thing, and the author took to the criticism, and stopped doing that

Lots of net/web modules use real-live urls for testing, or try to start servers on local-network instead of explicitly localhost -- I keep fighting this one, but nothing nefarious

There is one thing still on CPAN which could be used for perl rootkits ( i don't want to publicize it) but its NA (45) UNKNOWN (155)

Replies are listed 'Best First'.
Re^3: Malware on CPAN
by moritz (Cardinal) on Jun 20, 2012 at 07:36 UTC
[reply]

      Well, I already raised the issue once in opinions on, feel free to take it up :)

[reply]

        As long as you stick to unsubstantiated claims and vague links leading nowhere, I call you a troll spreading FUD.

        Are you referring to opinions on Win32::Process::Hide, and think it's bad because hiding processes is what some malware does?

        If yes, I must say that it's a tool, and there may well be legitimate use cases. Just like port scanners, which are sometimes slammed as "hacker tools", but really useful in practice. At the very least the module is not malicious in the sense that it does harm to your system without indicating so in the documentation.

        Perl 6 - the future is here, just unevenly distributed
[reply]
        A reply falls below the community's threshold of quality. You may see it by logging in.

        Feel free to actually link to the post you want people to look at.

[reply]

In Section Seekers of Perl Wisdom