Many are going to be against doing this, and many are going to say that
adding any compilers or languages on the firewall are
not-so-good-things-to-do<TM>.  Yet, this debate has appeared from time to
time, and I've yet to see anyone offer a good response to the fact that
the 'cracker' of yer firewall box can bring in his own toys to alter the
system as he sees fit.  I'm assuming others that have been in environments
before me pondered this, and that was the reason I've often seen
firewalling boxen fully loaded with all the toys, though they often tend
to be 'locked down' some with special permissions and group rights.  Again,
I question this setup as, if the firebox gets compromised, chances are
root's gone south with it and who needs those special group perms in those
cases eh?

Thanks,

Ron DuFresne


On Tue, 14 Mar 2000, Kempter, Lynda L. wrote:

> 
> To perl, or not to perl; that is the question.  Literally.
> 
> A request has been made to install perl on the firewall.  (It
> would run some system audit routines, bring it in line with the 
> rest of the internal unix systems.)  Given the choice, I'd rather
> not.  Why give the hackers yet another tool to use when they 
> break into the firewall?  I wouldn't put a C compiler on the system
> for the same reason.  The argument for installing perl is that it's
> much more "secure" than something like C, and no more insecure
> than shell scripts.
> 
> I'd be most grateful for opinions, pro and con, from the list.
> 
> Cheers,
> Lyn
> 
> <*>  [EMAIL PROTECTED]
>       "Expect me when you see me."
> 
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.
