Beefy Boxes and Bandwidth Generously Provided by pair Networks
Welcome to the Monastery
 
PerlMonks  

Re: Re^4: Dangerous diamonds! (s/real/perfect/ world)

by hv (Parson)
on May 20, 2003 at 04:02 UTC ( #259358=note: print w/ replies, xml ) Need Help??


in reply to Re^4: Dangerous diamonds! (s/real/perfect/ world)
in thread Dangerous diamonds!

Without regard to the question of whether this particular feature is desirable, I think the maxim of 'know what you are running when you are logged in as root' remains important and relevant.

In that regard, the fact that a perl installation may regularly change as new modules are installed from CPAN should be seen as an issue to be addressed - CPAN modules do not get anything like the same level of checking as the core perl installation.

Perhaps, then, it would be advisable to install a version of perl specifically for the use of trusted scripts, with its own library path, and require a higher level of validation before any changes to that installation.

On my local system, I have a statically-linked perl in /sbin primarily so that scripts involved in startup/shutdown of the system can have a binary to use that doesn't need any other filesystems to have been mounted. I could certainly imagine orienting a security strategy for perl-as-root code around that installation.

Hugo


Comment on Re: Re^4: Dangerous diamonds! (s/real/perfect/ world)

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://259358]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others scrutinizing the Monastery: (4)
As of 2014-12-28 23:53 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (183 votes), past polls