a lightly-tested, monolithic program written in a dynamic language that permits monkey-patching at runtime and doesn't have Perl's taint checking support, makes me nervous to say the least
lightly-tested - Objection valid. Testing should be heavy for a MTA.
monolithic program - Erlang-style process separation might be useful here, with each part running at different privilege levels.
dynamic language that permits monkey-patching - So what? Dynamic languages are not any less secure. Machine code injection often allowed by many C programs is the ultimate monkey-patching. If you want to make a Smalltalk image secure, you just expunge the Compiler objects and disable the various #perform: messages. No more compiling! No more dynamic evaluating or altering of Smalltalk code of any kind.
doesn't have Perl's taint checking support - Objection could be valid. Taint checking is a very good thing. However, it turns out that there is something along those lines for Python.
One thing that's nice about dynamic languages, is that many of them are immune to buffer-overflow code injection. That, plus taint checking actually makes me feel better about the security of properly architected and deployed applications in dynamic languages.
I do agree that the set of apps you mention are deceptively "enticingly easy." Caution is warranted!
lightly-tested - Objection valid. Testing should be heavy for a MTA.
monolithic program - Erlang-style process separation might be useful here, with each part running at different privilege levels.
dynamic language that permits monkey-patching - So what? Dynamic languages are not any less secure. Machine code injection often allowed by many C programs is the ultimate monkey-patching. If you want to make a Smalltalk image secure, you just expunge the Compiler objects and disable the various #perform: messages. No more compiling! No more dynamic evaluating or altering of Smalltalk code of any kind.
doesn't have Perl's taint checking support - Objection could be valid. Taint checking is a very good thing. However, it turns out that there is something along those lines for Python.
http://mail.python.org/pipermail/python-list/2007-February/5...
One thing that's nice about dynamic languages, is that many of them are immune to buffer-overflow code injection. That, plus taint checking actually makes me feel better about the security of properly architected and deployed applications in dynamic languages.
I do agree that the set of apps you mention are deceptively "enticingly easy." Caution is warranted!