Le 16/12/2010 01:45, Bob Proulx a écrit : > The shell isn't the only one that introduces a security vulnerability > on most systems when setuid. All interpreters are the same in that > regard. On systems where you shouldn't suid scripts then you > shouldn't suid any of the set of sh/perl/python/ruby scripts either. > I think most people would consider at least one of those in that set a > real programming language. :-)
None of these other languages has the same quoting complexity. You can find some FAQs saying: "Never setuid a shell script, use something less dangerous instead like Perl for instance". I imagine it is too difficult to appreciate this complexity and objectively compare it to other languages when you are an expert in it.
