"Kempter, Lynda L." wrote:
>
> To perl, or not to perl; that is the question. Literally.
>
> A request has been made to install perl on the firewall. (It
> would run some system audit routines, bring it in line with the
> rest of the internal unix systems.) Given the choice, I'd rather
> not. Why give the hackers yet another tool to use when they
> break into the firewall? I wouldn't put a C compiler on the system
> for the same reason. The argument for installing perl is that it's
> much more "secure" than something like C, and no more insecure
> than shell scripts.
>
> I'd be most grateful for opinions, pro and con, from the list.

In general I'd say no.

However I could see doing it on one condition. If the perl interpreter
is modified to log all command line arguments it sees to syslog, and
its interactive command mode is also logged. Let the cracker run
perl code, just log it all to the syslog.

My firewall is a highly stripped down machine with only the bare minimum
needed. It sends all log data to the logger machine. No analysis is
done on the firewall machine. That is the job of the logger machine.
--
| Bryan Andersen | [EMAIL PROTECTED] | http://softail.visi.com |
| Buzzwords are like annoying little flies that deserve to be swatted. |
| -Bryan Andersen |
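
One way to approximate the logging condition in the reply above, as an added example that is not part of the original message: a small C wrapper installed in front of the interpreter that writes its argument vector to syslog and then execs the real binary. The path `REAL_INTERP` and the `perl-audit` ident are assumptions; a wrapper records only command-line arguments, so code typed in interactive mode or read from stdin would still need the interpreter change the reply describes.

```c
/* Added example: audit wrapper placed in front of an interpreter. */
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

#define REAL_INTERP "/usr/local/libexec/perl.real" /* assumed location */

/* Render argv into out as a single line. Bytes outside printable ASCII,
 * plus '"' and '\', are written as \xNN so an argument cannot carry a
 * newline that would forge a second log record.
 * Returns 0 on success, -1 if out is too small. */
int format_argv(int argc, char *const argv[], char *out, size_t outsz)
{
    size_t pos = 0;
    if (outsz == 0)
        return -1;
    for (int i = 0; i < argc; i++) {
        /* worst case per argument: space, two quotes, 4 bytes/char, NUL */
        if (pos + strlen(argv[i]) * 4 + 4 > outsz)
            return -1;
        if (i > 0)
            out[pos++] = ' ';
        out[pos++] = '"';
        for (const unsigned char *p = (const unsigned char *)argv[i]; *p; p++) {
            if (*p >= 0x20 && *p < 0x7f && *p != '"' && *p != '\\')
                out[pos++] = (char)*p;
            else
                pos += (size_t)sprintf(out + pos, "\\x%02x", (unsigned)*p);
        }
        out[pos++] = '"';
    }
    out[pos] = '\0';
    return 0;
}

int main(int argc, char *argv[])
{
    char line[8192];
    openlog("perl-audit", LOG_PID, LOG_AUTH);   /* ident is an assumption */
    if (format_argv(argc, argv, line, sizeof line) != 0)
        strcpy(line, "(argument list too long to record)");
    syslog(LOG_NOTICE, "uid=%ld argv: %s", (long)getuid(), line);
    execv(REAL_INTERP, argv);                   /* returns only on failure */
    syslog(LOG_ERR, "exec of %s failed", REAL_INTERP);
    return 127;
}
```

Forwarding these records to the separate logger machine is left to the syslog daemon's configuration on the firewall.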