Re: How to answer "Perl is not secure" objections?

I have a feeling manager^3 was thinking about Perl's setuid functionality. I found this interesting (though out-dated, I believe) write-up about Perl's setuid features in context of security.

http://www.cs.cmu.edu/People/rgs/pl-suid.html

---
It's all fine and dandy until someone has to look at the code.

Comment on Re: How to answer "Perl is not secure" objections?

Replies are listed 'Best First'.
Re^2: How to answer "Perl is not secure" objections? by mr_mischief (Monsignor) on Sep 06, 2007 at 18:54 UTC
Of course, large projects should never be run setuid anyway. Any setuid program in any language should be as small as possible, do as little as needs to be done setuid, then hand off to non-setuid executables.	[reply]
Re^3: How to answer "Perl is not secure" objections? by Joost (Canon) on Sep 06, 2007 at 19:39 UTC
Regardless of the problems that running SUID programs (and SUID interpreted scripts in particular) can cause, note that you need to have root permissions in order to make anything SUID root. I might as well claim that all languages are insecure because I could code something destructive and run it using `sudo`. These kinds of issues should, for the most part, be solved by using sane system administrator (to make the policies) and a sane OS (to enforce the policies). "What should it profit a man, if he should win a flame war, yet lose his cool?"	[reply] [d/l]
Re^4: How to answer "Perl is not secure" objections? by Fletch (Bishop) on Sep 06, 2007 at 19:59 UTC
sane system administrator I know all those words but that phrase makes no sense . . . (Says the still recovering mostly-former sysadmin . . . :)	[reply]


Think about Loose Coupling
	PerlMonks