Problems? Is your data what you think it is? | |
PerlMonks |
Re: Re^4: Dangerous diamonds! (s/real/perfect/ world)by hv (Prior) |
on May 20, 2003 at 04:02 UTC ( [id://259358]=note: print w/replies, xml ) | Need Help?? |
Without regard to the question of whether this particular feature is desirable, I think the maxim of 'know what you are running when you are logged in as root' remains important and relevant. In that regard, the fact that a perl installation may regularly change as new modules are installed from CPAN should be seen as an issue to be addressed - CPAN modules do not get anything like the same level of checking as the core perl installation. Perhaps, then, it would be advisable to install a version of perl specifically for the use of trusted scripts, with its own library path, and require a higher level of validation before any changes to that installation. On my local system, I have a statically-linked perl in /sbin primarily so that scripts involved in startup/shutdown of the system can have a binary to use that doesn't need any other filesystems to have been mounted. I could certainly imagine orienting a security strategy for perl-as-root code around that installation. Hugo
In Section
Meditations
|
|