[openvas-discuss] Future enhancements: plugins in perl??
oxdeadbeef at pit-of-despair.com
Wed Nov 23 06:35:20 CET 2005
On Tue, 22 Nov 2005, stripes wrote:
> On Wed, Nov 23, 2005 at 04:14:53AM +0100, Jan-Oliver Wagner wrote:
>> I saw that on http://www.openvas.org/doku.php?id=future_enhancements
>> it is listed that NASL is to be replaced by perl.
>> First I think that replacing NASL by a 'real' programming
>> language (hopefully stripped down for security aspects)
>> is a good idea but really far ahead.
> I agree, something like SecurePerl (stripped down for
> security purposes) would be very cool.
I dont see the point of actually stripping it down. That then would limit
the use of the language. The application is testing for security
vulnerabilities by *any* means. Sure certain places in the core *have* to
be secure code. But limiting a language would just defeat the
purpose of using it in the first place. NASL is limited and lacks alot of
functionality, but yet it still can be used maliciously.
>> Before you don't have a proven sustainable plugin development
>> framework (where some companies earn enough money),
>> it does not make sense to switch to something else than NASL.
>> (There would be huge reimplementation and QA effords without
>> real advance for the security auditors)
> Point taken; I'm sure this wouldn't be a small project by one
It is not a small project. But there are good examples about embedding it.
Take the irssi project for example.
>> Next, I think perl is not the best choice ;-)
>> Since it is far in the future anyway, I suggest
>> to say that "a suitable programming language" is
>> to be taken. Maybe you can find some general criteria for
>> this language.
> Ok, why not Perl? What would you suggest and why? You could
> probably get a religious argument over it, but if you're going
> to strip it down for security purposes anyway, what would be the
> problem with using Perl?
Yeah what she said... Why not perl ?!?!? hehe
easily embedded language, fast, and secure as you make it.
> Hacker Barbie! Complete with laptop, tools (\`--/') _ _______ .-r-.
> tools, and cables. Includes a free tiny >.~.\ `` ` `,`,`. ,'_'~`.
> stack of usernames and passwords! (v_," ; `,-\ ; : ; \/,-~) \
> stripes at tigerlair dot com `--'_..),-/ ' ' '_.>-' )`.`.__.')
> stripes at brickbox dot com ((,((,__..'~~~~~~((,__..' `-..-'fL
> openvas-discuss mailing list
> openvas-discuss at openvas.org
More information about the Openvas-discuss