Beefy Boxes and Bandwidth Generously Provided by pair Networks
Think about Loose Coupling
 
PerlMonks  

Re: Perl 'executable'

by zentara (Archbishop)
on Oct 22, 2010 at 12:40 UTC ( [id://866799]=note: print w/replies, xml ) Need Help??


in reply to Perl 'executable'

You could look at it the other way. When it's deployed as a binary, no one really can be sure what it is doing, without extensive effort. Whereas a conventional script can be easily scanned, to see what it is doing.

If you want some security with a script, just have it's permissions and ownership set, and maybe do some cryptographic fingerprinting of it.

I would be very suspicious of any binary I was asked to run, unless I compiled it myself.


I'm not really a human, but I play one on earth.
Old Perl Programmer Haiku ................... flash japh

Replies are listed 'Best First'.
Re^2: Perl 'executable'
by Xilman (Hermit) on Oct 22, 2010 at 13:32 UTC

    "I would be very suspicious of any binary I was asked to run, unless I compiled it myself."

    Really? I guess you must be running Gentoo then, and even then bootstrapped your own compiler from hand-written assembler in order to get the initial gcc working from code you trust.

    There are times when you just have to trust a binary whether you like it or not. Reflections on Trusting Trust has a valuable take on the issue.

    Paul
      I agree, but there are certain tradeoffs in trust. I do keep a watch over the software than comes in precompiled form.

      I make a distinction in trust levels.

      I would be more likely to trust a binary that comes from a prebuilt distribution, like Ubuntu; than from some perl hacker who claims he/she dosn't want me to see what the script does. There is just an obvious difference there in threat level.

      At least the distributions make their source packages available. Will the perl hacker make his uncompiled source script available to me?


      I'm not really a human, but I play one on earth.
      Old Perl Programmer Haiku ................... flash japh

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://866799]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others meditating upon the Monastery: (7)
As of 2024-04-23 16:50 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found