[clug] Creating non-root perl owner to run CPAN
mbp at sourcefrog.net
Tue Mar 7 05:45:15 GMT 2006
On 7 Mar 2006, at 16:01 , Michael James wrote:
> There are a number of Linux language packages
> that are self-extending such as Perl, python, and R,
> For example, installing the BioConductor package
> is easiest from within R, just run R,
> source a URL to download the script,
> then run the function thus created.
> Lots happens, and hey presto, a new R library!
> Traditionally everything is owned and maintained by root,
> but being a sysadmin (paid professional paranoid)
> I created a user "rowner" and group "rusers"
> and "chown -R" the R base directory "/usr/lib/R"
> Now I su to rowner before doing the above,
> and the system is isolated from any malicious code
> somewhere in R's contributed package libraries.
> So much for a language I don't know (or like or trust).
> What about the language I do know, love and trust, Perl?
> Su to root, set dependencies to "follow", run CPAN,
> "install Bundle::Evil::RootKit" and go have a cup of coffee...
> There's an awful lot of libraries and contributors...
> Do I trust them all? Historically I've effectively said,
> "Of course! Anyone who hacks Perl has to be a good-guy!"
> Well history aside, maybe it's not such a good idea;
> what do people think of using the R strategy
> for all self extending languages?
It's an interesting approach. One thing to consider: on many
systems, some Perl scripts are run as root -- maybe your own scripts,
or maybe scripts that come with the operating system. By changing
the perl libraries an attacker who controls 'perlowner' can gain
indirectly gain root.
The general exposure is that if you don't trust all the CPAN authors
you shouldn't put their scripts into root's code path.
To avoid this you might install those libraries into a directory not
on the default path that's only searched by users who need them.
This may be more trouble than it's worth... I don't know if CPAN
supports anything like that.
More information about the linux