Peter Stuge wrote:
On Thu, Feb 03, 2005 at 09:48:55AM +1000, Andy Gayton wrote:
On another note, I would suggest that you rewrite the checkpassword program in C, so that Perl doesn't talk directly to the network.
Peter, just wondering what you mean by this. I feel more confident using higher level languages which make it easier to avoid buffer overflows, and (not sure about perl, but with python) working with uninitialized variables.
Auditability. Perl is who-knows-how-many-(hundred?)-thousand lines of code, compared to a simple checkpassword program in C which may be a hundred or two, total.
Yes, checkpassword (as any privileged program) is a sensitive piece of the system puzzle, but since it only has one very simple task, it can be audited faster and by more people with less effort.
thanks, that is a good point :)
i still trust python + myself, than just myself ( c ) .. but i guess that's a personal choice, and comes back to the degrees of security thread that was running a short while ago.
andyg.
