http://www.perlmonks.org?node_id=1196055


in reply to Re^2: Perl Security Testing
in thread Perl Security Testing

Just keep down-voting, mein enemy. Just keep down-voting.

(Maybe “the usual seven” could write a short Perl script to query all 4,329 of my posts so far, and, if all of you ran this script to down-vote every single one of my posts, then maybe you will finally succeed in down-voting me completely off the island ... Woo, hoo!)

Otherwise, please listen up . . .

Otherwise, I stand behind my original comments without further comment. The OP knows little about security, is blanched by the number of CVE reports that have been logged with regard to Perl, and really does want information and assurance. Not too much of interest has so far been said in this thread, hence my comment. First, that there is nothing particularly special ... nor, categorically “vulnerable,” about Perl. And, that most interesting exploitable-things occur at the operating system level, not the application. Merely overflowing a buffer will not get you root, and so on.

And, in my second paragraph, underscoring the human(!) factor. It has usually been my experience over these many, many years ... and, believe it or not, it’s getting close to forty ... that security breaches which were initially ascribed to “external” sources, almost always turned out to be “internal.” My client-before-this also had the experience of realizing ex post facto that he had unwittingly hired a convicted felon on probation.

I will also, incidentally, stand behind all of my previous, cited by you, posts, as well. Not the way that you would have responded to the same thread? Goody for you. There is(!) “more than one way to do™” a great many things in this world including, replying to a thread.