Re: C set-user-ID program wrapper for Perl script and security

From: Richard Heathfield <rjh@xxxxxxxxxxxxxxx>
Date: Sun, 31 Aug 2008 07:51:35 +0000

Andrew Poelstra said:

On 2008-08-31, Richard Heathfield <rjh@xxxxxxxxxxxxxxx> wrote:

Peter Michaux said:

On Aug 30, 3:03 pm, "Malcolm McLean" <regniz...@xxxxxxxxxxxxxx> wrote:

it is reasonable to hardcode paths in a Perl script,
much less sensible to do so in a C program.

Why is that?

No reason whatsoever. Malcolm is wrong. If you want to hardcode paths in
a C program, go to it. There will be an impact on portability (because
the path might not have the same semantics or might not even exist on
another machine), but that argument applies just as much to the Perl
script.

Not really - a C program is almost always compiled, which means to change
a hardcoded path one needs to have access to the source code. By nature,
a Perl script is itself the source, meaning that any hardcoded paths are
going to be human-readable and mutable.

Fair point - but let's compare like with like. If you're shipping source,
ship source, in which case the C program is just as human-readable as the
Perl script (and possibly *more* so, given typical Perl scripts!), and
just as mutable. All you need then is a C compiler (which is analogous to
the Perl interpreter).

--
Richard Heathfield <http://www.cpax.org.uk>
Email: -http://www. +rjh@
Google users: <http://www.cpax.org.uk/prg/writings/googly.php>
"Usenet is a strange place" - dmr 29 July 1999
.

References:
- C set-user-ID program wrapper for Perl script and security
  - From: Peter Michaux
- Re: C set-user-ID program wrapper for Perl script and security
  - From: Peter Michaux
- Re: C set-user-ID program wrapper for Perl script and security
  - From: Richard Heathfield
- Re: C set-user-ID program wrapper for Perl script and security
  - From: Andrew Poelstra

Prev by Date: Re: C set-user-ID program wrapper for Perl script and security
Next by Date: Re: C set-user-ID program wrapper for Perl script and security
Previous by thread: Re: C set-user-ID program wrapper for Perl script and security
Next by thread: Re: C set-user-ID program wrapper for Perl script and security
Index(es):
- Date
- Thread

Relevant Pages

Re: distributing perl applications
... > I have a perl script I wrote for win32, and I want it to be the ... > quality of a typical C windows program. ... > compiler and the perl2exe and AS perlapp programs. ...
(comp.lang.perl.misc)
Re: Filesize limit for Perl on UNIX
... There is no file limit in Perl. ... And the options to the compiler at compile time. ... Type perl -V to see if your version of perl has large file support. ... Assuming the perl script writes to stdout, ...
(perl.beginners)
RE: Segmentation Fault(Core dumped)
... But when I started testing my perl script, ... Compilation failed in require at ./test.pl line 13. ... > official business of Sender. ...
(perl.dbi.users)
Re: sharing variables-data perl-asp
... Also how do you invoke a perl script from an active server page? ... ASP in Perl. ... Why do you want to shell out to perl when you're already running perl? ...
(comp.lang.perl.misc)
Re: environment variables in perl scripts
... Define a BEGIN block in your perl program. ... > perl script, something like: ... > environment variables are there and diag.txt shows ... > This communication is intended for the use of the ...
(perl.dbi.users)