[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Perl essential ?

Hi Marc,

On Fri, 2 Mar 2001, Marc Haber wrote:

> On 02 Mar 2001 14:17:10 +0300, Ilya Martynov <m_ilya@agava.com> wrote:
> >>>>>> "MH" == Marc Haber <debian-devel.lists.debian.org@marc-haber.de> writes:
> >    MH> I would really second this. perl is too powerful to be on a
> >    MH> security relevant system.

> >IMHO perl scripts can be much more secure that C code and shell code:

> That is not my point. My point is that a system without perl has no
> use as host for attacker tools that are written in perl. An attacker
> would have to install perl first, making the system a less attractive
> target.

You must get some interesting rootkits in your part of the world.  Around
here, the crackers I've had the misfortune of crossing paths with assume only
that they can run compiled C programs -- I've never seen an exploit that
depended on perl to run.  So I don't think having perl installed will make
attackers think Debian machines are more attractive targets.

Steve Langasek
postmodern programmer

Reply to: