Re^3: Attack on Perl or Perl's need better PR (again)

because it's supposed to run on operating systems that may provide only perl4 as default (many proprietary Unixen did until recently or perhaps still do even today)

You may be right, but I would be interested in your listing any platform or distribution that ships a perl earlier than 5.6.1.

Anyway, that's no excuse for the people who develop and maintain Webmin not to produce a secure version, with -T and best current practices. If such is being shipped as a package it should be made dependent on a recent perl package.

However, the real fault would belong to the administrator who'd leave an accessible webmin server on the web ! I wouldn't dare, even a secured, perl5 tainted webmin...

Depends what you mean by leave accessible. Would you entertain having the app available htpassword protected? You could always set it up so that alarm bells are rung if it gets invoked unexpectedly.

--

Oh Lord, won’t you burn me a Knoppix CD ?
My friends all rate Windows, I must disagree.
Your powers of persuasion will set them all free,
So oh Lord, won’t you burn me a Knoppix CD ?
(Missquoting Janis Joplin)

Comment on Re^3: Attack on Perl or Perl's need better PR (again)

Replies are listed 'Best First'.
Re^4: Attack on Perl or Perl's need better PR (again) by duff (Parson) on Nov 30, 2005 at 18:23 UTC
Just wanted to point out that even though I agree that there are probably very very very few (or none) unixen that ship today with perl4 as the standard perl, there are lots of them that have in the past. And while it's easy for us to tell someone who uses an old unix box to upgrade, it's not always easy for them to do so. duff	[reply]
Re^5: Attack on Perl or Perl's need better PR (again) by rinceWind (Monsignor) on Dec 01, 2005 at 11:01 UTC
Once there is a reasonably secure and robust webmin, someone should build a multi-architecture PAR distribution for the platforms where it is needed. This will save the admins from needing to upgrade perl. -- Oh Lord, won’t you burn me a Knoppix CD ? My friends all rate Windows, I must disagree. Your powers of persuasion will set them all free, So oh Lord, won’t you burn me a Knoppix CD ? (Missquoting Janis Joplin)	[reply]
Re^4: Attack on Perl or Perl's need better PR (again) by wazoox (Prior) on Nov 30, 2005 at 17:55 UTC
You may be right, but I would be interested in your listing any platform or distribution that ships a perl earlier than 5.6.1. Well, let's have a try :) nox 3% uname -aR IRIX nox 6.5 6.5.22m 10070055 IP22 nox 4% perl -v This is perl, version 5.004_05 built for irix-n32 (with 1 registered patch, see perl -V for more detail) Solaris ships decent perl versions,but I don't know for AIX, Tru64 and HP/UX.	[reply]
Re^5: Attack on Perl or Perl's need better PR (again) by castaway (Parson) on Dec 01, 2005 at 09:15 UTC
Newer AIX (5.1+) and HP-UX (11i+) both ship with 5.8 available. (HP-UX standard install may still come with perl4 installed, but 5.8 is there as an option now, iirc) C.	[reply]
Re^5: Attack on Perl or Perl's need better PR (again) by gsiems (Deacon) on Dec 02, 2005 at 19:46 UTC
Tru64 version 5.1a: $ perl -v This is perl, v5.6.0 built for alpha-dec_osf Tru64 version 5.1b: $ perl -v This is perl, v5.8.0 built for alpha-dec_osf	[reply]
Re^4: Attack on Perl or Perl's need better PR (again) by diotalevi (Canon) on Dec 02, 2005 at 21:01 UTC
I thought it was still fairly standard to ship 5.005_03 as the standard interpreter. That's from being on a handful of Sun and BSD boxes. I still think its pretty strange that my Linux actually comes with a 5.8.	[reply]
Re^5: Attack on Perl or Perl's need better PR (again) by Perl Mouse (Chaplain) on Dec 05, 2005 at 11:29 UTC
5.005_03 shipped with Solaris 8. Solaris 9 shipped with 5.6.1 and 5.005_03, the latter for compatibility reasons. Solaris 10 ships with 5.8.x, for some version of x, and 5.6.1. Solaris 11 will ship with whatever is the current Perl version when the cut is made, and with the version that shipped with Solaris 10. `Perl --((8:>*`	[reply]