Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses

Re: Re^4: Dangerous diamonds! (s/real/perfect/ world)

by hv (Parson)
on May 20, 2003 at 04:02 UTC ( #259358=note: print w/replies, xml ) Need Help??

in reply to Re^4: Dangerous diamonds! (s/real/perfect/ world)
in thread Dangerous diamonds!

Without regard to the question of whether this particular feature is desirable, I think the maxim of 'know what you are running when you are logged in as root' remains important and relevant.

In that regard, the fact that a perl installation may regularly change as new modules are installed from CPAN should be seen as an issue to be addressed - CPAN modules do not get anything like the same level of checking as the core perl installation.

Perhaps, then, it would be advisable to install a version of perl specifically for the use of trusted scripts, with its own library path, and require a higher level of validation before any changes to that installation.

On my local system, I have a statically-linked perl in /sbin primarily so that scripts involved in startup/shutdown of the system can have a binary to use that doesn't need any other filesystems to have been mounted. I could certainly imagine orienting a security strategy for perl-as-root code around that installation.

  • Comment on Re: Re^4: Dangerous diamonds! (s/real/perfect/ world)

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://259358]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others musing on the Monastery: (5)
As of 2020-01-21 23:44 GMT
Find Nodes?
    Voting Booth?