[openvas-discuss] Future enhancements: plugins in perl??

Jan-Oliver Wagner jan at intevation.de
Wed Nov 23 10:11:43 CET 2005


On Wed, Nov 23, 2005 at 12:35:20AM -0500, oxdeadbeef <oxdeadbeef at pit-of-despair.com> wrote:
> On Tue, 22 Nov 2005, stripes wrote:
> > On Wed, Nov 23, 2005 at 04:14:53AM +0100, Jan-Oliver Wagner wrote:
> > I agree, something like SecurePerl (stripped down for
> > security purposes) would be very cool.
> 
> I dont see the point of actually stripping it down. That then would limit 
> the use of the language. The application is testing for security 
> vulnerabilities by *any* means. Sure certain places in the core *have* to 
> be secure code. But limiting a language would just defeat the 
> purpose of using it in the first place. NASL is limited and lacks alot of 
> functionality, but yet it still can be used maliciously.

the plugin scripts should have a stripped environment.
The Server of course not.
The example I am having in mind is Zope - they solved
this quite nicely.

Best

	Jan
-- 
Jan-Oliver Wagner: www.intevation.de/~jan  | GISpatcher: www.gispatcher.de
Kolab Konsortium : www.kolab-konsortium.de | Thuban    : thuban.intevation.org
Intevation GmbH  : www.intevation.de       | Kolab     : www.kolab.org
FreeGIS          : www.freegis.org         | GAV       : www.grass-verein.de



More information about the Openvas-discuss mailing list