[Nagiosplug-devel] Re: Embedded Perl (was check_by_ssh something...)

Andreas Ericsson ae at op5.se
Fri Apr 2 05:17:04 CEST 2004


Paul L. Allen wrote:
>> Unions and structs are a part of ANSI. It's perfectly acceptable to 
>> have an array of structs containing arrays of structs with arrays of 
>> arrays (or whatever) in them, allowing for infinite depth arrays.
> 
> Gosh, you have unions and structs.  Ah well, that's everything you'll ever
> need.
>
For functionality, yes.

>> Hashes are convenient, but not necessary since it's perfectly possible
>> for you to hop the pointer yourself.
> 
> Hashes are not just convenient, they solve many problems that would scale
> badly and run very slowly without them. 

If the code is written properly, scaling is not a problem. If it isn't, 
no language in the world will do the trick for you.

> Of course, you can write your own
> hash code, but good hashing code is difficult to write.  Or you could find
> a C library.  Or you could use perl.
> 
Enter simple mathematics. I argue that good hashing code is trivial to 
write as long as it has been properly implemented from the beginning.

>> Bah. Some plugins should be written in C. Those that parse a lot of 
>> text should be written in perl, and those that rely on external 
>> commands for their data retrieval (like snmpget and fping) should be 
>> written in unix shell (it handles program execution better than perl, 
>> since it can fork() instead of execve()).
> 
> And if you rely on external commands that generate a lot of text that you
> have to parse?
> 
man grep
man sed
man awk
man cut

>>> So what I'm saying is that for most cases you don't need C.  Take a
>>> look at the perl plugins. NONE of them make use of C-code modules that
>>> I know of.
>>
>> The Socket module works with C-code underneath, as does SNMP and File.
> 
> The socket module is part of the standard distribution.  Perl is written
> in C.  Neither of those facts mean that it is sensible to rewrite perl
> plugins in C just because perl is written in C.
> 
SNMP is not, but I guess you missed that. Also, if I read Karl's 
comments on the perl framework correctly, it has almost grown out of its 
own usefulness.

>>> Most competent programmers understand that programmers generate the
>>> same average number of *fully* debugged lines of code a day no matter
>>> which language they write in.  It is left as an exercise for the reader
>>> to compute the average code-density ratio of perl and C.
>>>
>>>> Those same functions can be called and linked from any C program 
>>>> without the intermittent layer and the top-level code.
> 
> With many more lines of code needed to do so, especially if you need
> text mangling.  I made the point about productivity and your response
> ignored it.
> 
By reducing the intermittent code layers production times will drop. In 
what way did I ignore the productivity issues?

>>> You can do anything from any language, if you try hard enough.
>>
>> My point exactly. Why try 'hard enough' to write it in perl if it 
>> needs C under the hood any way?
> 
> Why work hard to code something in many lines of C that could be done in
> a few lines of perl?  BTW, code generated in C is just a bunch of
> opcodes and data.  Why write it in C when it's just opcodes under the
> hood?  Why not write raw machine instructions?
> 
Now you're just being silly.

>> On a serious note though; Do you know how many bugs and potential bugs 
>> me and the other Owl developers have fixed in perl 5.8.3? Last time I 
>> checked we were at patch-level 23 (each patch fixes 3 or more bugs). 
>> Patches have been submitted, but it's a serious load of code so I'm 
>> thinking it'll be a while until they're allowed in the tree.
> 
> You're doing a good job with the patches.  But, as you admit, you've
> submitted patches for other things like Apache.  You may have the luxury
> of not running Apache until you've done a thorough audit and fixed all
> the holes, most people don't.  The same thing goes for perl.
> 
Are you expecting a reply to this?

>> Also, we value security above functionality, which isn't always
>> functional enough for the kind of ad-hockery many perl programmers
>> (read script kiddies) indulge in.
> 
> Yeah, script kiddies like the programmers for the Swedish state pension
> scheme.  After the main project code went way off schedule, some of these
> "script kiddies" knocked up some code in perl as an interim system.  It
> worked so well that the main project code was dropped and the interim
> perl code upgraded to have all the functionality in the spec.  The perl
> code took a small fraction of the time to write that had already been
> spent on the main code.
> 
many != all
Are you making this up, btw? I live and work in sweden but I've never 
seen this pension scheme, or any news or anything about it.

>> Auditing a perl plugin makes the one-time penalty even worse, since it 
>> requires auditing of perl itself as well (not to mention the modules 
>> it uses).
> 
> That's a fair point.  But given the choice between a plugin that does
> what I need written in perl or no plugin at all, I take the former.
> 
Already discussed and agreed upon.

>>> I remember mentioning to you just how much of the TCP stack is in kernel
>>> space these days but I haven't seen a response.
>>
>> What do you want me to respond to? You weren't asking me anything if I 
>> remember things correctly, merely stating that it was (which is true, 
>> so I don't have a respond for that).
> 
> The point is that most of the stack runs in kernel space and is therefore
> a potential vulnerability.  Yet another thing to audit.
> 
Do you think I mainly spent my time working on IDE-drivers while 
auditing the kernel?

>> Besides, perl is as vulnerable as anything to kernel bugs.
> 
> And C isn't?  Hint: perl is written in C.  So if you can write something
> in perl that's vulnerable to a kernel bug you can write the same thing in
> C with the same vulnerability.
> 
'as vulnerable as anything' wasn't there for rhetorical reasons.

>>> A *good* coder works around the limitations of many platforms rather
>>> than coding purely for his own platform.  Perl simplifies that process
>>> by already knowing about many of those problems.
>>
>> You put too much faith in Larry Wall et al.
> 
> The same faith I put into linux and apache.  I know that they are going
> to contain bugs but they are better than the alternatives.  I know that
> open source development means they are likely to improve.  I know that
> they may contain bugs, but in the end I need an OS and webserver.
> 
And I'll be happy to provide both. Actually, it's more than just likely 
that some of the code you rely on was written by me, or based off of 
work I put into it. Fun, eh?

>> Also, a false sense of security is worse than real sense of insecurity.
> 
> I don't trust any software to be secure.  Short of disconnecting servers
> from the internet, there isn't much I can do to be confident I am
> totally secure.  Unlike you, I don't believe that your patches will
> make any of these things totally secure because I don't fool myself that
> I can think of every possible vulnerability or that totally new exploit
> mechanisms will never be found.

I don't believe they will make me totally secure. I believe they will 
make me more secure than I would have been without them.

> 
>>> In practise, the only plugin I have seen that needs to run
>>> an external command as another user called sudo.
>>
>> Which means a legitimate sudo call will exist on the stack (free fire 
>> zone).
> 
> Are you advocating setuid as a safer alternative?
> 
No, I suggest the script calling sudo shouldn't be cached. If it is then 
evey instance of nagios will have an easy shot at a vulnerability in its 
stack.

>> Yes, but at what cost? Do we need to mark certain scripts as unsafe 
>> for the EPN, and how do we go about doing that? Config variables in 
>> nagior, or with shell-scripts wrapped around them?
> 
> How about separate directories?

Should work out ok. Then we'd only have to add one new variable to the 
main configuration file. 'perl_safe_cache_dir' or something. Code could 
be kept rather clean (well, not any messier than it is at least) and 
consistent, and everybody would be happy.

-- 
Mvh
Andreas Ericsson
OP5 AB
+46 (0)733 709032
andreas.ericsson at op5.se




More information about the Devel mailing list