Capturing caller id

Jeff Uphoff (juphoff@tarsier.cv.nrao.edu)
Wed, 8 Nov 1995 17:33:12 +0100


"CL" == Chris Lewis <clewis@ferret.ocunix.on.ca> writes:

CL> setuidishness isn't particularly relevant here, because uulogin isn't
CL> a setuid script. 

Yea, but I didn't feel like trying to trim the manpage down to the
relevant portions for that post; I was just trying to answer Gert's
question of what basic security issues Perl can address.  (I use the
tainting checks sometimes--even when I'm not running set{u,g}id--just to
check on things.)

CL> Programming in perl is not any inherently less secure than C.

I agree.

CL> However, that script needs to be carefully checked over to make sure
CL> that the user can't do anything funny with metacharacters in the
CL> password or signals.  If I'm not mistaken, taintperl would reject
CL> it.

I believe so.

CL> I'm also not particularly enamored of doing system("stty...") when
CL> ioctl() is the preferred solution (but that does introduce some
CL> system dependencies)

True; calling 'stty' is a cheap way of trying to achieve portability--it
also eliminates the need to run 'h2ph' on your system's include files to
set up the #define's for calls such as ioctl().

--Up.
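
An added example, not the uulogin script or code from anyone in this thread: one way to turn echo off through the POSIX module's termios interface instead of system("stty ...") or a raw ioctl(), with taint mode on so that a shell command built from the typed password is refused. The prompt text and the `true` command are assumptions chosen for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use POSIX qw(:termios_h);

# Taint mode refuses to run anything with an inherited environment.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Read one line with echo off via POSIX::Termios rather than
# system("stty -echo"): no shell, no PATH lookup, no h2ph headers.
sub read_secret {
    my ($prompt) = @_;
    my $fd    = fileno(STDIN);
    my $term  = POSIX::Termios->new;
    my $tty   = defined $term->getattr($fd);    # undef when STDIN is not a tty
    my $saved = $tty ? $term->getlflag : 0;

    # Ignore keyboard signals so an interrupt cannot leave echo disabled.
    local @SIG{qw(INT QUIT TSTP)} = ('IGNORE') x 3;

    if ($tty) {
        $term->setlflag($saved & ~ECHO);
        $term->setattr($fd, TCSANOW);
    }
    print STDERR $prompt;
    my $line = <STDIN>;
    if ($tty) {
        $term->setlflag($saved);
        $term->setattr($fd, TCSANOW);
        print STDERR "\n";
    }
    return unless defined $line;
    chomp $line;
    return $line;
}

my $secret = read_secret('Password: ');
defined $secret or die "no input\n";

# Anything read from STDIN is tainted, so interpolating it into a shell
# command dies before the shell ever sees the metacharacters.
my $ran = eval { system("true $secret"); 1 };
print STDERR $ran ? "ran (taint mode is off?)\n" : "refused: $@";
```

Run it as `perl -T file` or as an executable script; some Perl versions refuse a `-T` that appears only on the #! line.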