[Israel.pm] [Fwd: Failed: PAUSE indexer report SEMUELF/Data-ParseBinary-0.07.tar.gz]

Shmuel Fomberg semuelf at 012.net.il
Wed Sep 24 09:57:51 PDT 2008


Oh. So considering that I work on windows, and use
"C:\\Program Files\\GnuWin32\\bin\\bsdtar.exe" -cvzf ...
to pack my module, how do I make it not world-writable?
make them as read only?

Shmuel.

Yitzchak Scott-Thoennes wrote:
> See http://www.nntp.perl.org/group/perl.qa/2008/09/msg11568.html and (in
> that thread) http://www.nntp.perl.org/group/perl.qa/2008/09/msg11568.html
> 
> Basically, your packaging presents a security threat; someone installing
> your module can untar it and something come along and overwrite the
> contents of Makefile.PL before it's run.
> 
> And Andreas has made the call to prevent indexing such packages, knowing
> that that will cause a lot of pain (and presumably a lot of pressure to
> fix whatever is wrong with people's build practices/tools that is
> causing the problem).
> 
> On Tue, September 23, 2008 1:42 pm, Shmuel Fomberg wrote:
>> Hi All.
>>
>> What does that means?
>>
>> Shmuel.
>>
>> -------- Original Message --------
>> Subject: 	Failed: PAUSE indexer report
>> SEMUELF/Data-ParseBinary-0.07.tar.gz
>> Date: 	Tue, 23 Sep 2008 22:22:55 +0200
>> From: 	PAUSE <upload at pause.perl.org>
>> To: 	owner at semuel.co.il, andreas.koenig.gmwojprw+pause at franz.ak.mind.de
>>
>>
>>
>>
>> The following report has been written by the PAUSE namespace indexer.
>> Please contact modules at perl.org if there are any open questions.
>> Id: mldistwatch.pm 1063 2008-09-23 05:23:57Z k
>>
>>
>> User: SEMUELF (Shmuel Fomberg)
>> Distribution file: Data-ParseBinary-0.07.tar.gz
>> Number of files: 38
>> *.pm files: 18
>> README: Data-ParseBinary-0.07/README
>> META.yml: No META.yml found
>>
>>
>> META-driven index: no
>> Timestamp of file: Tue Sep 23 20:21:24 2008 UTC
>> Time of this run: Tue Sep 23 20:22:55 2008 UTC
>>
>>
>> The distribution contains the following world writable directories or
>> files and is therefore considered a security breach and as such not being
>> indexed: Data-ParseBinary-0.07/ Data-ParseBinary-0.07/lib/Data/
>> Data-ParseBinary-0.07/lib/Data/ParseBinary/
>> Data-ParseBinary-0.07/lib/Data/ParseBinary/Stream/
>> Data-ParseBinary-0.07/lib/Data/ParseBinary/lib/ Data-ParseBinary-0.07/t/
>> Data-ParseBinary-0.07/Changes Data-ParseBinary-0.07/MANIFEST
>> Data-ParseBinary-0.07/Makefile.PL Data-ParseBinary-0.07/README
>> Data-ParseBinary-0.07/lib/Data/ParseBinary.pm
>> Data-ParseBinary-0.07/lib/Data/ParseBinary/Adapters.pm
>> Data-ParseBinary-0.07/lib/Data/ParseBinary/Constructs.pm
>> Data-ParseBinary-0.07/lib/Data/ParseBinary/Core.pm
>> Data-ParseBinary-0.07/lib/Data/ParseBinary/Stream/Bit.pm
>> Data-ParseBinary-0.07/lib/Data/ParseBinary/Stream/File.pm
>> Data-ParseBinary-0.07/lib/Data/ParseBinary/Stream/String.pm
>> Data-ParseBinary-0.07/lib/Data/ParseBinary/Stream/StringBuffer.pm
>> Data-ParseBinary-0.07/lib/Data/ParseBinary/Stream/Wrapper.pm
>> Data-ParseBinary-0.07/lib/Data/ParseBinary/Streams.pm
>> Data-ParseBinary-0.07/lib/Data/ParseBinary/lib/DataCap.pm
>> Data-ParseBinary-0.07/lib/Data/ParseBinary/lib/ExecELF32.pm
>> Data-ParseBinary-0.07/lib/Data/ParseBinary/lib/ExecPE32.pm
>> Data-ParseBinary-0.07/lib/Data/ParseBinary/lib/FileSystemMbr.pm
>> Data-ParseBinary-0.07/lib/Data/ParseBinary/lib/GraphicsBMP.pm
>> Data-ParseBinary-0.07/lib/Data/ParseBinary/lib/GraphicsEMF.pm
>> Data-ParseBinary-0.07/lib/Data/ParseBinary/lib/GraphicsPNG.pm
>> Data-ParseBinary-0.07/lib/Data/ParseBinary/lib/GraphicsWMF.pm
>> Data-ParseBinary-0.07/t/01various.t Data-ParseBinary-0.07/t/02streams.t
>> Data-ParseBinary-0.07/t/03lib.t Data-ParseBinary-0.07/t/_ctypes_test.so
>> Data-ParseBinary-0.07/t/bitmapx1.bmp
>> Data-ParseBinary-0.07/t/bitmapx24.bmp
>> Data-ParseBinary-0.07/t/bitmapx4.bmp
>> Data-ParseBinary-0.07/t/bitmapx8.bmp Data-ParseBinary-0.07/t/cap2.cap
>> Data-ParseBinary-0.07/t/emf1.emf Data-ParseBinary-0.07/t/notepad.exe
>> Data-ParseBinary-0.07/t/png1.png Data-ParseBinary-0.07/t/png2.png
>> Data-ParseBinary-0.07/t/python.exe Data-ParseBinary-0.07/t/sqlite3.dll
>> Data-ParseBinary-0.07/t/wmf1.wmf . Hint: maybe try 'make dist' or 'Build
>> dist'.
>>
>>
>> __END__
>>
>>
>>
>> _______________________________________________
>> Perl mailing list
>> Perl at perl.org.il
>> http://perl.org.il/mailman/listinfo/perl
>>
>>
> 
> 
> _______________________________________________
> Perl mailing list
> Perl at perl.org.il
> http://perl.org.il/mailman/listinfo/perl
> 




More information about the Perl mailing list