SLUG Mailing List Archives
Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs)
- To: Rick Welykochy <rick@xxxxxxxxxxxxx>
- Subject: Re: Compromised Linux box stories (Re: [SLUG] upgrading complicated installs)
- From: Adrian Chadd <adrian@xxxxxxxxxxxxxxx>
- Date: Mon, 2 Jun 2008 13:40:32 +0800
- Cc: slug@xxxxxxxxxxx
- User-agent: Mutt/1.5.9i
On Mon, Jun 02, 2008, Rick Welykochy wrote:
> Daniel Pittman wrote:
> > formmail. I say no more.
> The perl language has been pretty bullet proof. I do recall
> one string-based exploit in the many many years I have been using
Shit code can be written on all platforms.
> That said, yup, scripts like formmail are written by monkeys
> in the 11th level hell and sent to torment sys admins.
> I was running an ISP and in my early days I stupidly allowed
> some customers to upload their own perl CGI scripts to our
> (only) main web server. After watching the machine being brought
> down to its knees due to inexperienced coding (don't ask) I
> learnt my lesson very quickly.
> They only way to allow user-supplied scripts nowadays is via
> some sort of virtualisation scheme with solid sandboxing. Even
> then, poor coding can gobble up heaps of resources needlessly.
The trouble is that the entry barrier for coding is so low, you can
"code" without any "clue".