PerlMonks  

Re: How to answer "Perl is not secure" objections?

by kwaping (Priest)
on Sep 06, 2007 at 18:51 UTC (#637504)


in reply to How to answer "Perl is not secure" objections?

I have a feeling manager^3 was thinking about Perl's setuid functionality. I found this interesting (though outdated, I believe) write-up about Perl's setuid features in the context of security.

http://www.cs.cmu.edu/People/rgs/pl-suid.html


---
It's all fine and dandy until someone has to look at the code.


Re^2: How to answer "Perl is not secure" objections?
by mr_mischief (Prior) on Sep 06, 2007 at 18:54 UTC
    Of course, large projects should never be run setuid anyway. Any setuid program in any language should be as small as possible, do as little as needs to be done setuid, then hand off to non-setuid executables.
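
The "do as little as possible setuid, then hand off" pattern from the comment above, as an added example in C (not code from the thread or from any poster): one privileged step, a permanent and verified drop of root, then an exec of a non-setuid program. `SECRET_PATH` and `WORKER_PATH` are hypothetical placeholders.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define SECRET_PATH "/etc/example/secret.conf"     /* hypothetical root-only file */
#define WORKER_PATH "/usr/libexec/example/worker"  /* hypothetical non-setuid program */

/* Permanently give up root: supplementary groups first, then gid, then uid.
 * Returns 0 on success, -1 if a step fails or root can still be regained. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0) return -1;   /* must happen while still root */
    if (setuid(uid) != 0) return -1;   /* as root: sets real, effective and saved uid */
    /* Verify the drop is irreversible instead of trusting the return codes. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0)) return -1;
    return (getuid() == uid && geteuid() == uid && getegid() == gid) ? 0 : -1;
}

int main(void)
{
    uid_t ruid = getuid();             /* the invoking user, not the file owner */
    gid_t rgid = getgid();

    /* The only step that runs with root's effective uid. */
    int fd = open(SECRET_PATH, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) { perror("open"); return 1; }

    if (drop_privileges(ruid, rgid) != 0) {
        fputs("could not drop privileges, refusing to continue\n", stderr);
        return 1;
    }

    /* Hand the already-open descriptor to the worker as its stdin. */
    if (fd != STDIN_FILENO) {
        if (dup2(fd, STDIN_FILENO) < 0) { perror("dup2"); return 1; }
        close(fd);
    }

    /* Fixed argv and environment: nothing caller-controlled crosses the exec. */
    char *const argv[] = { "worker", NULL };
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
    execve(WORKER_PATH, argv, envp);
    perror("execve");
    return 1;
}
```
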
      Regardless of the problems that running SUID programs (and SUID interpreted scripts in particular) can cause, note that you need to have root permissions in order to make anything SUID root.

      I might as well claim that all languages are insecure because I could code something destructive and run it using sudo.

      These kinds of issues should, for the most part, be solved by using a sane system administrator (to make the policies) and a sane OS (to enforce the policies).

        sane system administrator

        I know all those words but that phrase makes no sense . . .

        (Says the still recovering mostly-former sysadmin . . . :)
