
Re: Debian Installation experience



On Sun, 6 Jul 1997, Alexander Kjeldaas wrote:


> Is it a goal for debian not to require perl? I don't think so - and
> that is one of the things I don't like with debian. It seems that
> debian is infested with perlism. There are "smart" perl-scripts doing
> all sorts of things.

perl is no less secure than sh + sed + awk + cut + (all the other useful
unix utilities). anything you can do in perl you can do with those tools
too, but not quite as easily (for some things, a shell script is easier
than perl).

> I don't want powerful interpreters on my system and definitively not
> compilers - I regard them as a security risk since I want to set
> up my systems so that they do not accept the introduction of new
> executables (mounting noexec, nodev, read-only etc). It doesn't seem
> to be possible to do that with debian yet.

It's not possible to do that with ANY unix. If you give someone a login
shell and a text editor, or even just an ftp-only login then they can
create executables.

if you really need this level of paranoia, then write a script to run
out of cron which does something like:

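    cd /var/log
    # keep the previous run's list for comparison
    mv -f executables.today executables.yesterday
    # list every regular file with any execute bit set
    find / -type f -perm /111 -print >executables.today
    # mail root the differences since the previous run
    diff executables.today executables.yesterday | mail -s "new executables" root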

even that won't find plain text files which people can invoke like "perl
myprog.pl" or "sh myprog.sh".

in other words, the only way to do it on any unix is to be vigilant, and
to make sure your users understand what they are and are not allowed to
do on your system.

> Not that it's possible with redhat either, but the debian policy
> _should_ be to allow other types of distributions to be made based on
> the debian-packages.

that IS one of debian's policies.

> It isn't interesting to use debian-packages without using the
> package-system for example - so when the package-system is bloated,
> it just isn't feasible to make a specialized "distribution" based
> on debian.

why not?

> I had hoped that debian would stick to the GNU policy of using one
> implementation language - C, and only use perl as an "intermediate"
> step.

Why? C is good, but so is sh, and perl, and C++, and java, and many
other languages. Each language has its own strengths and weaknesses.

Some tasks are better done in perl (or even sh) than in C...why force
people to write programs that are 1000 times more complicated than they
need to be just so that they are written in the approved language?

craig

--
craig sanders
networking consultant                  Available for casual or contract
temporary autonomous zone              system administration tasks.
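
An added example, not part of the original message: the same cron-style inventory, extended to also list files that have no execute bit but begin with "#!", one recognisable subset of the scripts the message says the find-based list misses. The function names and the runnable.today/runnable.yesterday file names are hypothetical, and a script with no "#!" line still goes unseen.

```sh
#!/bin/sh
# Added example (constructed); function names are hypothetical.
# Paths containing newlines are not handled.

# Regular files under $1 with any execute bit set (POSIX find syntax).
# -xdev keeps the scan on one filesystem; run once per mounted filesystem.
list_exec_bit() {
    find "$1" -xdev -type f \( -perm -100 -o -perm -010 -o -perm -001 \) -print
}

# Regular files under $1 with no execute bit whose first two bytes are "#!".
list_shebang_only() {
    find "$1" -xdev -type f ! \( -perm -100 -o -perm -010 -o -perm -001 \) -print |
    while IFS= read -r f; do
        if head -c 2 "$f" 2>/dev/null | LC_ALL=C grep -q '^#!'; then
            printf '%s\n' "$f"
        fi
    done
}

# snapshot ROOT OUTFILE: sorted, de-duplicated inventory of both kinds.
snapshot() {
    { list_exec_bit "$1"; list_shebang_only "$1"; } | LC_ALL=C sort -u >"$2"
}

# report_new ROOT STATEDIR: rotate the previous inventory, take a new one and
# print only paths that were absent last time. The first run prints everything.
report_new() {
    root=$1
    state=$2
    if [ -f "$state/runnable.today" ]; then
        mv -f "$state/runnable.today" "$state/runnable.yesterday"
    else
        : >"$state/runnable.yesterday"
    fi
    snapshot "$root" "$state/runnable.today"
    LC_ALL=C comm -13 "$state/runnable.yesterday" "$state/runnable.today"
}

# From cron: script ROOT STATEDIR | mail -s "new runnable files" root
if [ "$#" -ge 2 ]; then
    report_new "$1" "$2"
fi
```

Keep STATEDIR writable by root only, since anyone who can edit the stored list can hide a new file from the next report.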