
Re: How to answer "Perl is not secure" objections?

by kwaping (Priest)
on Sep 06, 2007 at 18:51 UTC ( #637504=note )

in reply to How to answer "Perl is not secure" objections?

I have a feeling manager^3 was thinking about Perl's setuid functionality. I found this interesting (though outdated, I believe) write-up about Perl's setuid features in the context of security.

It's all fine and dandy until someone has to look at the code.

Replies are listed 'Best First'.
Re^2: How to answer "Perl is not secure" objections?
by mr_mischief (Monsignor) on Sep 06, 2007 at 18:54 UTC
    Of course, large projects should never be run setuid anyway. Any setuid program in any language should be as small as possible, do as little as needs to be done setuid, then hand off to non-setuid executables.
      Regardless of the problems that running SUID programs (and SUID interpreted scripts in particular) can cause, note that you need to have root permissions in order to make anything SUID root.

      I might as well claim that all languages are insecure because I could code something destructive and run it using sudo.

      These kinds of issues should, for the most part, be solved by using a sane system administrator (to make the policies) and a sane OS (to enforce the policies).

        sane system administrator

        I know all those words but that phrase makes no sense . . .

        (Says the still recovering mostly-former sysadmin . . . :)
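
The pattern described in the thread above (do the one privileged step, drop privileges, hand off to a non-setuid program), as an added example that is not code from any poster. It assumes the script starts with effective uid 0 and the invoking user's real uid; the file path, helper path and job-name argument are hypothetical.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use POSIX ();

# Assumption: effective uid is 0, real uid is the invoking user's.
# Both paths are hypothetical placeholders.
my $PRIV_FILE = '/etc/example/secret.conf';
my $HELPER    = '/usr/local/libexec/example-helper';

# Trust nothing inherited from the caller: fixed environment only.
%ENV = (PATH => '/usr/bin:/bin');

# Taint mode refuses to pass raw @ARGV to exec; untaint via a strict pattern.
my ($job) = ($ARGV[0] // '') =~ /\A([A-Za-z0-9_-]{1,32})\z/
    or die "usage: $0 <job-name>\n";

# The only step that needs privilege: open the protected file.
open(my $fh, '<', $PRIV_FILE) or die "cannot open $PRIV_FILE: $!\n";

# Drop privileges for good: groups first (this needs euid 0), then the uid.
my $uid   = $<;
my ($gid) = split ' ', $(;
$) = "$gid $gid";        # effective gid plus a one-entry supplementary list
POSIX::setgid($gid);
POSIX::setuid($uid);

# Verify the resulting IDs instead of trusting return values.
die "gid drop failed\n"
    unless POSIX::getgid() == $gid && POSIX::getegid() == $gid;
die "supplementary groups remain\n"
    if grep { $_ != $gid } split ' ', $);
die "uid drop failed\n"
    unless POSIX::getuid() == $uid && POSIX::geteuid() == $uid;
if ($uid != 0) {
    POSIX::setuid(0);    # must fail once the drop is permanent
    die "privileges can be regained\n" if POSIX::geteuid() == 0;
}

# Hand off: the helper reads the already-open file on STDIN (descriptors
# above 2 are close-on-exec in Perl) and runs as the unprivileged user.
open(STDIN, '<&', $fh) or die "cannot dup file handle: $!\n";
exec { $HELPER } $HELPER, $job or die "exec $HELPER: $!\n";
```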
