On Wed, Dec 05, 2001 at 01:48:37AM +0900, Hugh Sasse Staff Elec Eng wrote:
> Those are good reasons, it seems to me.  So why the assertions about
> arrogance, etc?  If there are good reasons to refute the security
> claims, then I'd like to know what they are.  They don't add the case
> where the invoker's environment has been munged.

A) You assert every user of your script knows exactly what's happening
   when there's the message 'bash(or insert your shell here): cannot execute <scriptname>'

B) I wouldn't (and don't) use perl as root (there have been rumours it should
   help you with systems administration, I've found awk/sed/shell much more
   readable and a C program most of the time shorter and clearer than the perl slang)

C) I assumed you don't have the cwd in your path ('.') because who would ever do this ;p (*hum*)

D) it *is* a non-portable construct. If you want to write for different platforms,
   no one is helped by searching for their perl executables first everytime they
   install your scripts

E) How should one install something in a standard directory of the searchpath ? Say you hve
   /bin:/usr/bin:/usr/X11R6/bin:/usr/local/bin:~/bin
   if someone can actually create shit in those directories you're long fucked anyways.

If you have good points standing against them, let me know pls

> 
> >
> > Martin Weber
> >
> 	Hugh