Beefy Boxes and Bandwidth Generously Provided by pair Networks
P is for Practical
 
PerlMonks  

Re: Re^4: Dangerous diamonds! (s/real/perfect/ world)

by hv (Parson)
on May 20, 2003 at 04:02 UTC ( #259358=note: print w/ replies, xml ) Need Help??


in reply to Re^4: Dangerous diamonds! (s/real/perfect/ world)
in thread Dangerous diamonds!

Without regard to the question of whether this particular feature is desirable, I think the maxim of 'know what you are running when you are logged in as root' remains important and relevant.

In that regard, the fact that a perl installation may regularly change as new modules are installed from CPAN should be seen as an issue to be addressed - CPAN modules do not get anything like the same level of checking as the core perl installation.

Perhaps, then, it would be advisable to install a version of perl specifically for the use of trusted scripts, with its own library path, and require a higher level of validation before any changes to that installation.

On my local system, I have a statically-linked perl in /sbin primarily so that scripts involved in startup/shutdown of the system can have a binary to use that doesn't need any other filesystems to have been mounted. I could certainly imagine orienting a security strategy for perl-as-root code around that installation.

Hugo


Comment on Re: Re^4: Dangerous diamonds! (s/real/perfect/ world)

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://259358]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others examining the Monastery: (7)
As of 2015-07-30 11:43 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (271 votes), past polls