[clug] Creating non-root perl owner to run CPAN
Michael James
Michael.James at csiro.au
Tue Mar 7 05:01:44 GMT 2006
There are a number of Linux language packages
that are self-extending such as Perl, python, and R,
For example, installing the BioConductor package
is easiest from within R, just run R,
source a URL to download the script,
then run the function thus created.
Lots happens, and hey presto, a new R library!
Traditionally everything is owned and maintained by root,
but being a sysadmin (paid professional paranoid)
I created a user "rowner" and group "rusers"
and "chown -R" the R base directory "/usr/lib/R"
Now I su to rowner before doing the above,
and the system is isolated from any malicious code
somewhere in R's contributed package libraries.
So much for a language I don't know (or like or trust).
What about the language I do know, love and trust, Perl?
Su to root, set dependencies to "follow", run CPAN,
"install Bundle::Evil::RootKit" and go have a cup of coffee...
There's an awful lot of libraries and contributors...
Do I trust them all? Historically I've effectively said,
"Of course! Anyone who hacks Perl has to be a good-guy!"
Well history aside, maybe it's not such a good idea;
what do people think of using the R strategy
for all self extending languages?
michaelj
--
Michael James michael.james at csiro.au
System Administrator voice: 02 6246 5040
CSIRO Bioinformatics Facility fax: 02 6246 5166
No matter how much you pay for software,
you always get less than you hoped.
Unless you pay nothing, then you get more.
More information about the linux
mailing list