Re: Potentially insecure Perl scripts
- Date: Wed, 23 Jan 2019 20:45:27 -0800
- From: Russ Allbery <rra@xxxxxxxxxx>
- Subject: Re: Potentially insecure Perl scripts
Ben Hutchings <ben@xxxxxxxxxxxxxxx> writes:
> People have said this about ASLR, protected symlinks, and many other
> kinds of security hardening changes. We made them anyway and took the
> temporary pain for a long-term security gain.
Well, Perl has a deprecation mechanism with warnings and so forth,
although I don't think Perl has ever actively broken a feature outside of
"use <version>" with a later version, except for features marked as
experimental. But I suppose it's possible.
Good luck with that -- there was a long discussion about this when <<>>
was introduced, and as one can tell, that viewpoint did not prevail.
Maybe it's used less now and it might be easier to get rid of it?
Russ Allbery (rra@xxxxxxxxxx) <http://www.eyrie.org/~eagle/>