[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [groff] [PATCH] Avoid Perl's unsafe "<>" operator
|
From: |
Ingo Schwarze |
|
Subject: |
Re: [groff] [PATCH] Avoid Perl's unsafe "<>" operator |
|
Date: |
Sun, 3 Mar 2019 14:52:55 +0100 |
|
User-agent: |
Mutt/1.8.0 (2017-02-23) |
Hi,
Colin Watson wrote on Sun, Mar 03, 2019 at 12:02:31PM +0000:
> On Fri, Mar 01, 2019 at 04:41:36PM +0000, Deri wrote:
>> I prefer the first solution you suggested, upon which my code was based,
>> because there will be no change of behaviour. I have been unable to find
That sounds reckless to me, accepting unnecessary risk for very weak
and marginal reasons.
> I argue that - if we're trying to construct a secure system, which I hope
> we are - this is fundamentally the wrong approach.
I strongly agree with Colin, and i think he is explaining his case
very well.
I'd even go a step further and stress that simpler, safer, less
magical facilities ought to be preferred even when that causes minor
loss of functionality.
In contrast to the shell, which is practically impossible to use
safely, the Perl programming language *can* be used safely, but it
requires discipline and restraint.
Don't forget that too much cleverness and complexity are among the
worst enemies of correctness and security, and that Perl is notorious
for being complicated - if you pick the wrong features. If you
have to make a substantial argument to prove that something is safe,
that means it is *not* safe enough for use in practice and ought
to be avoided.
Of course, Colin is also right that avoiding magic in the first
place is almost always better than escaping against it. It is a
corollary of the well-known fact that whitelisting (i.e. explicitly
listing what is allowed) is almost always much better than blacklisting
(i.e. attempting to list everything that might be dangerous).
Yours,
Ingo