[openvas-discuss] Future enhancements: plugins in perl??

oxdeadbeef <oxdeadbeef@pit-of-despair.com> oxdeadbeef at pit-of-despair.com
Wed Nov 23 17:53:18 CET 2005



On Wed, 23 Nov 2005, Brian Weaver wrote:

> This thread has all the necessary trappings for becoming a flame war,
> yet it didn't. I'm impressed.
>
> Instead of focusing on replacing NASL with language X, it might be
> better to work on a framework that would allow language X, Y, and Z to
> co-exists with NASL. This way we don't punish people who have already
> invested in learning NASL, nor run off potential contributions because
> OpenVAS only supports a language they dislike.


*nods*

That is the way it has to be. We cannot just get rid of NASL. We all have 
to play nicely in the sandbox. =)


 		--jason

>
> -Weave
>
> Jan-Oliver Wagner [jan at intevation.de] wrote on Wed, Nov 23, 2005 at 10:11:43AM +0100:
>> On Wed, Nov 23, 2005 at 12:35:20AM -0500, oxdeadbeef <oxdeadbeef at pit-of-despair.com> wrote:
>>> On Tue, 22 Nov 2005, stripes wrote:
>>>> On Wed, Nov 23, 2005 at 04:14:53AM +0100, Jan-Oliver Wagner wrote:
>>>> I agree, something like SecurePerl (stripped down for
>>>> security purposes) would be very cool.
>>>
>>> I dont see the point of actually stripping it down. That then would limit
>>> the use of the language. The application is testing for security
>>> vulnerabilities by *any* means. Sure certain places in the core *have* to
>>> be secure code. But limiting a language would just defeat the
>>> purpose of using it in the first place. NASL is limited and lacks alot of
>>> functionality, but yet it still can be used maliciously.
>>
>> the plugin scripts should have a stripped environment.
>> The Server of course not.
>> The example I am having in mind is Zope - they solved
>> this quite nicely.
>>
>> Best
>>
>> 	Jan
>>
>



More information about the Openvas-discuss mailing list