Philipp Buehler wrote
>
> Pere Camps wrote Cc [EMAIL PROTECTED]:
> > > firewall% perl -e 'while(1) { fork() }'
> >
> > For that case, even bash is not fine:
> >
> > :(){:|:&};:
> Permit forkbomb or not? hard ulimits are always
> required.
"attacks" like these have nothing to do with perl. any program can be used
to
spend as much CPU as possible, except if there are explicit limits.
FOREVER { cat one >> two; cat two >> one} where FOREVER is to be replaced by
any
infinite loop construct...
getting back to the subject, I have nothing against installing perl on a
firewall.
The minimalist aproach have certainly rational motivations, but it requires
too much work
without obvious benefits.
I still consider that a firewall has a network functionality, and I prefer
to concentrate on network security.
If a guy is able to break in a well configured firewall, then he is
certainly able to install anything he wants.
(yes, this is not guaranteed, but nothing is guaranteed anyway).
I however understand that the other point of view is justifiable. It's just
to say that there are as many opinions as there are different kinds of
firewalls (may be the fact that we all talk about "a firewall when there are
too many sorts of
is a source of confusion)...
regards,
mouss
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
