Re: remove perl

To: debian-user@lists.debian.org
Subject: Re: remove perl
From: Sam Watkins <swatkins@fastmail.fm>
Date: Mon, 27 Dec 2004 21:10:47 +1100
Message-id: <[🔎] 20041227101047.GA3744@bart.local>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20041227085439.36486.qmail@web51707.mail.yahoo.com>
References: <[🔎] 20041227083954.GC2167@bart.local> <[🔎] 20041227085439.36486.qmail@web51707.mail.yahoo.com>

> > >   I need to remove perl for security reasons.
> > What's insecure about having perl on a machine?

On Mon, Dec 27, 2004 at 12:54:39AM -0800, saravanan ganapathy wrote:
> Refer the url for more details
> http://linux.math.tifr.res.in/doc/securing-debian-howto/ch3.en.html

They say that having perl on a box may help attackers to further
comprimise your system or other systems after they have already broken
in.  They also say that it's not possible to remove perl without
rewriting essential parts of Debian.  So the answer is, you can't do it.

If I were you, I would concentrate on keeping attackers out.  The
presence of perl does not help attackers break into your system.

Even openbsd (which is widely regarded as the most secure unix-like
operating system) has perl in the base system.  Freebsd and netbsd
don't, but this isn't for security reasons.  You could try one of those
if you really don't want perl.

Reply to:

References:
- Re: remove perl
  - From: Sam Watkins <swatkins@fastmail.fm>
- Re: remove perl
  - From: saravanan ganapathy <sarav_gsa@yahoo.com>

Prev by Date: Re: Console Password Manager?
Next by Date: Re: Linux Functionality?
Previous by thread: Re: remove perl
Next by thread: Re: remove perl
Index(es):
- Date
- Thread