Daniel Pittman wrote:
[2] formmail. I say no more.

The perl language has been pretty bulletproof. I do recall one string-based exploit in the many, many years I have been using it.

That said, yup, scripts like formmail are written by monkeys in the 11th level hell and sent to torment sys admins.

I was running an ISP and in my early days I stupidly allowed some customers to upload their own perl CGI scripts to our (only) main web server. After watching the machine being brought down to its knees due to inexperienced coding (don't ask) I learnt my lesson very quickly.

The only way to allow user-supplied scripts nowadays is via some sort of virtualisation scheme with solid sandboxing. Even then, poor coding can gobble up heaps of resources needlessly.

cheers
rickw

--
________________________________________________________________
Rick Welykochy || Praxis Services || Internet Driving Instructor

The user's going to pick dancing pigs over security every time.
    -- Bruce Schneier

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html