Re: Secure popen

From: Nick Brawn (ncbat_private)
Date: Thu Jun 21 2001 - 06:09:36 PDT


    On Wed, Jun 20, 2001 at 01:32:53PM +0100, Glynn Clements wrote:
    > 
    > Richard Mirch wrote:
    > 
    > > Is there any specific reason why you are writing a simple CGI in c++? If
    > > it is for learning, then I can see the point but this can easily be done
    > > securely and efficiently in PERL or perhaps PHP (never had a chance to do
    > > this).
    > 
    > Whilst it's theoretically possible to write a secure CGI in Perl, it's
    > a lot easier to get it right in a language such as C++ which:
    > 
    > a) doesn't make extensive use of "in-band signalling" (i.e.
    > substitutions triggered by metacharacters),
    > 
    > b) has (reasonably) strong typing, and
    > 
    > c) tends to be legible.
    > 
    > Scripting languages such as Perl are useful for quick hacks, but
    > security-wise, they truly suck. Scan the BugTraq archives for
    > references to CGI programs; I would guess that around 90% of
    > vulnerabilities are due to the above.
    
    Is the reason for the large number of vulnerabilities in perl-based
    CGIs due to the language? This is what you appear to be saying.
    
    My thought is that because perl is easier for entry-level programmers 
    to program in, those programmers will use it for developing web and other 
    applications. 
    
    Less-experienced programmers generally make more mistakes (or poor 
    design choices) than more-experienced programmers.
    
    Therefore we're likely to see more dodgy scripts written in perl, by bad
    programmers, simply because bad programmers find perl more accessible
    than say, C++.
    
    Technical features of a language (that have security implications) 
    mean little, unless they either happen invisibly in the background (memory 
    management in perl), or are actively and correctly used by the programmer 
    (i.e. snprintf(3)). 
    
    > 
    > Also note that, with the use of a decent C++ "string" class, there's
    > no reason why a program should be susceptible to buffer overruns.
    > 
    > -- 
    > Glynn Clements <glynn.clementsat_private>
    > 
    
    Cheers,
    Nick
    
    -- 
    "I'm just very selective about the reality I choose to accept"
    						--Calvin
    


