WingNews logo WingNews
top | item 45290335

(no title)

tdhz77 | 5 months ago

It’s hard to believe that 10k is worth whatever they need from Perl in 2025.

I wrote Perl for many years while I worked on the godforsaken cmecf system.

Cmecf this year announced it had been hacked by Russian hackers.

This means that cmecf written in Perl allowed a country access to Federal Court evidence including intelligence gathering methods, corporate secrets, and inside sources.

Perl is not memory safe, loaded with security issues for over a decade. It’s only saving grace is string manipulation, which is exactly why the best hackers in the world all know it.

discuss

order

Aldipower|5 months ago

Perl is not memory safe? Are there pointers directly to memory like in C? No, it is an interpreted language that runs opcode in the Perl virtual machine.

Sure, there are quite some safety concerns with Perl, but they can be mitigated. For example there is the taint mode with "-T" that prevents direct execution of system commands.

Would I use Perl for a new project? No. :-)

I would be interested in more details about the cmecf hack!?

kstrauser|5 months ago

Was the bug in Perl or its libraries, or in the code written in Perl? There are many valid criticisms of Perl, but I've never heard of the language itself described as insecure, and especially not memory-unsafe. I don't know how I'd write a use-after-free or stack smash in Perl if I were forced to.

Aldipower|5 months ago

Yep, there are bad bugs for example in mod_perl which is written in C and takes the interpreted Perl code and runs it in the Apache context. I think this is what the OP "heard about". But that is not the fault of Perl itself.