On Mon, Jun 02, 2008, Rick Welykochy wrote:
> Daniel Pittman wrote:
> 
> >[2]  formmail.  I say no more.
> 
> The perl language has been pretty bullet proof. I do recall
> one string-based exploit in the many many years I have been using
> it.

Shit code can be written on all platforms.

> That said, yup, scripts like formmail are written by monkeys
> in the 11th level hell and sent to torment sys admins.
> 
> I was running an ISP and in my early days I stupidly allowed
> some customers to upload their own perl CGI scripts to our
> (only) main web server. After watching the machine being brought
> down to its knees due to inexperienced coding (don't ask) I
> learnt my lesson very quickly.
> 
> The only way to allow user-supplied scripts nowadays is via
> some sort of virtualisation scheme with solid sandboxing. Even
> then, poor coding can gobble up heaps of resources needlessly.

The trouble is that the entry barrier for coding is so low, you can
"code" without any "clue".




Adrian

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
