[3829] in WWW Security List Archive
Penguin: remote execution of digitally signed perl
daemon@ATHENA.MIT.EDU (Prentiss Riddle)
Tue Dec 17 19:53:54 1996
From: Prentiss Riddle <riddle@is.rice.edu>
To: www-security@ns2.rutgers.edu
Date: Tue, 17 Dec 1996 17:04:31 -0600 (CST)
Errors-To: owner-www-security@ns2.rutgers.edu
"Penguin" is new to me, so I thought I'd mention it to the www-security
list:
http://www.eden.com/~fsg/penguin
Penguin is a Perl 5 module module under development. It claims to
allow users to:
-- send encrypted, digitally signed perl code to a remote machine to
be executed.
-- receive code and, depending on who signed it, execute it in an
arbitrarily secure, limited compartment.
Has anyone on this list investigated Penguin? Is it good enough to be
of interest to anyone but perl zealots?
It's ostensibly a perl geek's answer to Java, but to me it sounds more
like a perl geek's answer to ActiveX. I confess a dose of skepticism
about digital signatures as a solution to the distributed execution
problem. But has Penguin perhaps done a better job with this approach
than ActiveX has done?
And how about its execution in a "secure, limited compartment"? Could
that feature perhaps be used in a CGI context, to protect a server from
its own users?
-- Prentiss Riddle ("aprendiz de todo, maestro de nada") riddle@rice.edu
-- RiceInfo Administrator, Rice University / http://is.rice.edu/~riddle
-- Opinions expressed are not necessarily those of my employer.
