Subject: Running as root detection and optional correction.
As I mentioned on perl-qa, it is insecure to run the CPAN shell as root. Instead, only the install process should be run as root. CPAN.pm has facilities to do this but many folks don't know about it.

It would be nice if the CPAN shell issued a warning if run as root, just once. It would then offer to reconfigure itself to work as a regular user and use sudo (or whatever works) as appropriate. Included would be instructions (or if possible just do it automatically) on how to fix the .cpan file permissions to work with a regular user. If the user rejects this, it will not nag them about it again (it'll flip a toggle in the CPAN config). But now no one can blame us for not trying to fix their security hole.

How does that sound? That'll close a huge gaping hole in user-end security. I've included a little prototype program to show the user interaction.
Message body not shown because it is not plain text.
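The startup flow proposed in this ticket, as an added Perl sketch (it is not the prototype attached to the ticket and not CPAN.pm's own code). `make_install_make_command` and `mbuild_install_build_command` are existing CPAN.pm options; the `root_warning_declined` toggle, the function names, and the sample user and path are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical config key for the "don't nag again" toggle (not a real CPAN.pm option).
my $DECLINED_KEY = 'root_warning_declined';

# Decide at shell startup whether to show the one-time root warning.
# $euid is the effective uid ($> in Perl); $conf is a hashref of config values.
sub startup_action {
    my ($euid, $conf) = @_;
    return 'continue' if $euid != 0;              # regular user: nothing to do
    return 'continue' if $conf->{$DECLINED_KEY};  # user already said no: stay quiet
    return 'warn';
}

# Apply the user's answer. Returns the new config and the manual steps to print.
# Nothing is executed here; ownership changes are shown as instructions only.
sub apply_answer {
    my ($conf, $accepted, $user, $cpan_home) = @_;
    my %new = %$conf;
    unless ($accepted) {
        $new{$DECLINED_KEY} = 1;                  # flip the toggle, never ask again
        return (\%new, []);
    }
    # Existing CPAN.pm options: escalate only for the install step.
    $new{make_install_make_command}    = 'sudo make';
    $new{mbuild_install_build_command} = 'sudo ./Build';
    my @steps;
    # Only suggest a chown for a plausible, non-root account name.
    push @steps, "chown -R $user $cpan_home"
        if defined $user && $user =~ /\A[a-z_][a-z0-9_-]*\z/ && $user ne 'root';
    return (\%new, \@steps);
}

# Constructed walk-through: root accepts; root declines and is not asked again.
for my $accepted (1, 0) {
    my $conf = {};
    print "euid 0, fresh config: ", startup_action(0, $conf), "\n";
    my ($new, $steps) = apply_answer($conf, $accepted, 'alice', '/home/alice/.cpan');
    print "  $_ = $new->{$_}\n" for sort keys %$new;
    print "  run as root once: $_\n" for @$steps;
    print "  next start as root: ", startup_action(0, $new), "\n";
}
print "euid 1000: ", startup_action(1000, {}), "\n";
```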