SPUG: Perl FUD

ced at carios2.ca.boeing.com
Tue Jul 25 14:04:27 CDT 2000


BOSS: "Given security issues, is it a good idea to be using PERL for our
      tools?"

> Does anyone have any good advice on how to respond to this?  Keep in
> mind that this guy is my boss :-).

I'm not sure what security concerns he's been misinformed
about but Perl has an enviable reputation for its security
mechanisms.  If you need a published cite:    

   "Practical Unix Security" by S.Garfinkel & Gene Spafford

That's a bit dated I suppose but Perl's taint checking is 
still a safeguard unmatched elsewhere. Forked processes via
magical opens provide a device to isolate dangerous operations. 
The latest perl offers a strategy to foil possible security 
flaws that can occur due to temporary files.  

If that's not enough there's the underutilized Safe module 
which allows you to compile and execute code in restricted 
compartments. Carefully reading the perlsec docs will
reveal more.

Rgds,
--
Charles DeRykus
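
The mechanisms named in the message above (taint checking, forking opens, the Safe module), shown as an added example that is not part of the original post. The input strings, the script name and the use of /bin/echo as the child command are constructed for illustration.

```perl
#!/usr/bin/perl -T
# Added example (not from the original post). Run as: perl -T demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);
use Safe;

# Taint mode distrusts the inherited environment, so pin it down first.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Constructed input. Appending a zero-length slice of $^X (tainted under -T)
# marks each string as tainted, the way data from @ARGV or STDIN would be.
my $taint  = substr($^X, 0, 0);
my @inputs = ('notes.txt' . $taint, 'notes.txt; echo injected' . $taint);

for my $name (@inputs) {
    print "input '$name' tainted? ", (tainted($name) ? "yes" : "no"), "\n";

    # 1. Taint checking: perl refuses to hand tainted data to a shell.
    eval { system("echo $name"); 1 }
        or print "  system() blocked: $@";

    # 2. The only way to untaint is a regex capture, i.e. explicit validation.
    my ($file) = $name =~ /\A([\w.-]+)\z/;
    unless (defined $file) { print "  rejected by validation\n"; next }

    # 3. Forking open ("-|"): the child runs the command via list-form exec
    #    (no shell), and the parent only reads its output through a pipe.
    my $pid = open(my $kid, '-|');
    die "cannot fork: $!" unless defined $pid;
    if ($pid == 0) {
        exec('/bin/echo', 'child would process', $file)
            or die "cannot exec: $!";
    }
    print "  from child: $_" while <$kid>;
    close $kid;
}

# 4. Safe: code evaluated in a compartment cannot use masked opcodes.
my $cpt    = Safe->new;
my $result = $cpt->reval('system("echo should not run")');
print "Safe compartment: ", (defined $result ? "ran" : "trapped: $@");
```

Both inputs are refused by `system()` because both are tainted; only the one that passes the regex validation reaches the forked child.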
