Perl Security Testing
by zentara (Archbishop) on Jul 24, 2017 at 14:02 UTC
Hi, the Test Driven Development, for software and for pancakes node interested me, and I went off on a tangent from talexb's original meditation. So I post a new meditation, with my reply as a starter.
Original reply: ##########################
I'm a total amateur compared to you fellows, but I do find when I write my code, for the first draft, I almost always print out arrays and variables after every time I use them. I almost always get things wrong the first time thru, so my method is very helpful to me.
My guess is that the reason TDD failed is that the test that you didn't account for is the one that causes the bug (if any).
What is more worrying to me is the security vulnerabilities which Perl5 is susceptible to.
For instance, could a normal or guest user on your machine, with access to Perl scripts, cause a buffer-overflow of some sort, and gain root access? I'm sure the NSA would pay for that information. :-)
How safe is Perl out there in the wild? Are systems being hacked thru Perl? As far as I know, Perl has been very safe in my limited use. I guess security is the number one test.
So what do you experts feel, know, and/or are hiding concerning Perl's security, assuming the scripts are written and run correctly? Was there ever a real buffer overflow exploit? etc.
Should I worry about other users on my Linux box getting root escalation if I let them login?
I'm not really a human, but I play one on earth. ..... an animated JAPH