http://www.perlmonks.org?node_id=668963


in reply to Unix shell versus Perl

eyepopslikeamosquito writes:

"Shell scripts tend to be insecure. Running an external command in a global environment is inherently less secure than calling an internal function. Which is why most Unices do not allow a shell script to be setuid."
Suidperl of questionable status. While some have said it should be considered depricated: http://www.xray.mpe.mpg.de/cgi-bin/w3glimpse2html/perl5-porters/2008-01/msg00949.html

Others are interested in keeping it alive. Indeed, Perl ships without setuid compiled on some distros.

A lot of the negatives built into some of the shells can be seen in differing degrees in perl. It's interpreted nature means it can be slow. It's eclectic feature set means it can be difficult to audit. It's cooperative nature means scripts can call questionable binaries. It's comprehensive nature means it's footprint is large. So it would be dangerous to attack shells based on their architecture.

"Shell scripts, being interpreted and often having to create new processes to run external commands to do work, tend to be slow."

Perl is also interpreted. Although I think that is not the crux of your argument I would chose different wording.


s//----->\t/;$~="JAPH";s//\r<$~~/;{s|~$~-|-~$~|||s |-$~~|$~~-|||s,<$~~,<~$~,,s,~$~>,$~~>,, $|=1,select$,,$,,$,,1e-1;print;redo}