[Pdx-pm] [csieh at fnal.gov: Re: Horribly Broken RHEL5/SL5 Perl]

J. Shirley jshirley at gmail.com
Tue Aug 26 13:52:11 PDT 2008


On Tue, Aug 26, 2008 at 1:17 PM, Greg Petras <gpetme at gmail.com> wrote:
> On Tue, Aug 26, 2008 at 12:16 PM, J. Shirley <jshirley at gmail.com> wrote:
> [snip]
>> If you truly want multiple perls, in my opinion env is the best way to
>> manage it.
>
> I disagree. There's a variety of more secure ways to do this, in my
> opinion. The prefix where Perl is installed is irrelevant (as everyone
> seems to do it their own way), but why not be explicit, and set the
> absolute path to Perl?
>
> #!/usr/blah/bin/perl seems the best to me.
>
> Greg
>

And then when you want to run or change your perl for your application
in a controlled manner, you modify your paths in every script? If you
happen to miss one, you run an inconsistent environment?

If you're not managing your paths in your application and production
environments, you can't claim that you are being "more secure". You're
simply being vague and hoping for the best.

If you have explicit paths, then you are -more- secure because you
know EXACTLY what is going into your path before any code execution.
This is simply another point where env wins. It's programmatic,
reproducible and completely explicit.

-J
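
The behaviour both posters are arguing about, as an added example that is not part of the original thread: a POSIX shell function (resolve_shebang, a hypothetical name) that reports which interpreter a script's #! line would start under a given PATH. The fake perl files and the scratch directory are constructed, and only the plain form "#!/usr/bin/env NAME" is handled.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Usage: resolve_shebang FILE [PATH_VALUE]   (function name is hypothetical)
# Prints "absolute <interp>", "env <resolved file>" or "env NOTFOUND".
resolve_shebang() (
    file=$1
    search_path=${2-$PATH}
    IFS= read -r first < "$file" || [ -n "$first" ] || exit 1
    case $first in '#!'*) ;; *) exit 1 ;; esac
    set -f                      # no globbing while word-splitting
    unset IFS                   # default splitting on space/tab/newline
    set -- ${first#'#!'}
    [ $# -ge 1 ] || exit 1
    case $1 in
        /usr/bin/env|/bin/env) ;;
        *) printf 'absolute %s\n' "$1"; exit 0 ;;   # PATH plays no part
    esac
    # Assumption: plain "env NAME"; env options or extra args are out of scope.
    [ $# -eq 2 ] || exit 2
    case $2 in -*) exit 2 ;; esac
    IFS=:
    for dir in $search_path; do
        candidate=${dir:-.}/$2  # an empty PATH entry means the current directory
        if [ -f "$candidate" ] && [ -x "$candidate" ]; then
            printf 'env %s\n' "$candidate"
            exit 0
        fi
    done
    printf 'env NOTFOUND\n'
    exit 3
)

# Constructed demo: two fake "perl" files in a scratch directory.
demo() {
    d=$(mktemp -d) && mkdir "$d/a" "$d/b" || return 1
    for p in a b; do
        printf '#!/bin/sh\n' > "$d/$p/perl"
        chmod +x "$d/$p/perl"
    done
    printf '#!/usr/bin/env perl\n' > "$d/app.pl"
    printf '#!/usr/blah/bin/perl\n' > "$d/pinned.pl"
    resolve_shebang "$d/app.pl" "$d/a:$d/b"     # env form follows PATH order
    resolve_shebang "$d/app.pl" "$d/b:$d/a"     # same script, other perl
    resolve_shebang "$d/pinned.pl" "$d/b:$d/a"  # absolute form ignores PATH
    rm -rf "$d"
}
demo
```

Run over a deployment tree with the PATH the service is actually started with, this shows which scripts depend on PATH order and which are pinned to one interpreter.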

