[clug] Creating non-root perl owner to run CPAN
Michael James
clug at james.st
Tue Mar 7 05:45:22 GMT 2006
There are a number of Linux language packages
that are self-extending such as Perl, python, and R,
For example, installing the BioConductor package
is easiest from within R, just run R,
source a URL to download the script,
then run the function thus created.
Lots happens, and hey presto, a new R library!
Traditionally everything is owned and maintained by root,
but being a sysadmin (paid professional paranoid)
I created a user "rowner" and group "rusers"
and "chown -R" the R base directory "/usr/lib/R"
Now I su to rowner before doing the above,
and the system is isolated from any malicious code
somewhere in R's contributed package libraries.
So much for a language I don't know (or like or trust).
What about the language I do know, love and trust, Perl?
Su to root, set dependencies to "follow", run CPAN,
"install Bundle::Evil::RootKit" and go have a cup of coffee...
There's an awful lot of libraries and contributors...
Do I trust them all? Historically I've effectively said,
"Of course! Anyone who hacks Perl has to be a good-guy!"
Well history aside, maybe it's not such a good idea;
what do people think of using the R strategy
for all self extending languages?
michaelj
--
Michael James michael.james at csiro.au
System Administrator voice: 02 6246 5040
CSIRO Bioinformatics Facility fax: 02 6246 5166
No matter how much you pay for software,
you always get less than you hoped.
Unless you pay nothing, then you get more.
--
Konqueror has gotten so clever for its own boots
that it has forgotten what a web browser is for.
More information about the linux
mailing list