[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Perl essential ?

>>>>> "MH" == Marc Haber <debian-devel.lists.debian.org@marc-haber.de> writes:

    MH> On Fri, 02 Mar 2001 12:31:34 +1100, Glenn McGrath
    MH> <bug1@optushome.com.au> wrote:
    >> Would it be a good long term goal to remove perl from
    >> Esssential and rewrite these scripts for a posix compliant
    >> shell or in c.

    MH> I would really second this. perl is too powerful to be on a
    MH> security relevant system.

IMHO perl scripts can be much more secure that C code and shell code:

1) there is no buffer overflows

2) perl has taint mode (by the way why debian scripts doesnt use it?)

3) shell scripting ofthen very unsecure IMHO because of various shell
   expansion feauteres. I admin that I can be wrong here because I'm
   not expert in shell scripting (I just prefer Perl for anything more
   complex than three lines script :) )

Ilya Martynov
AGAVA Software Company, http://www.agava.com

Reply to: