Re: Perl essential ?

To: <debian-devel@lists.debian.org>
Subject: Re: Perl essential ?
From: Steve Langasek <vorlon@netexpress.net>
Date: Fri, 2 Mar 2001 23:53:47 -0600 (CST)
Message-id: <[🔎] Pine.LNX.4.30.0103022344520.5388-100000@tennyson.netexpress.net>
In-reply-to: <[🔎] E14Yppx-0000WO-00@torres.ka0.zugschlus.de>

Hi Marc,

On Fri, 2 Mar 2001, Marc Haber wrote:

> On 02 Mar 2001 14:17:10 +0300, Ilya Martynov <m_ilya@agava.com> wrote:
> >>>>>> "MH" == Marc Haber <debian-devel.lists.debian.org@marc-haber.de> writes:
> >    MH> I would really second this. perl is too powerful to be on a
> >    MH> security relevant system.

> >IMHO perl scripts can be much more secure that C code and shell code:

> That is not my point. My point is that a system without perl has no
> use as host for attacker tools that are written in perl. An attacker
> would have to install perl first, making the system a less attractive
> target.

You must get some interesting rootkits in your part of the world.  Around
here, the crackers I've had the misfortune of crossing paths with assume only
that they can run compiled C programs -- I've never seen an exploit that
depended on perl to run.  So I don't think having perl installed will make
attackers think Debian machines are more attractive targets.

Steve Langasek
postmodern programmer

Reply to:

References:
- Re: Perl essential ?
  - From: Marc Haber <debian-devel.lists.debian.org@marc-haber.de>

Prev by Date: Re: Well done on new devel pages
Next by Date: Re: How to make Packages file 50% smaller
Previous by thread: Re: Perl essential ?
Next by thread: Re: Perl essential ?
Index(es):
- Date
- Thread