Re: [Tails-dev] htpdate - Why the perl version?

Supprimer ce message

Répondre à ce message
Auteur: AK
Date:  
À: intrigeri
CC: The Tails public development discussion list
Sujet: Re: [Tails-dev] htpdate - Why the perl version?
On Sun, Jun 1, 2014 at 3:00 AM, intrigeri <intrigeri@???> wrote:
> AK wrote (31 May 2014 23:53:37 GMT) :
>> Just wondering why Tails decided to uses the perl version of htpdate
>> rather than the C version.
>
> We had to modify htpdate to make it suit our needs, and it was easier
> for us to modify the Perl version. Also, unless there are pretty good
> reasons, using a memory safe language seems to be sensible.
>
> Cheers!


OK, but note this from the htpdate website [1]:

"!!! no development on the Perl version is done anymore !!! "

"Be aware that the script makes a step in time and some programs (e.g.
database) do not always appreciate a step backwards in time. The C
version of htpdate doesn't step but adjusts the time smoothly."

So it is no longer maintained by upstream, and it doesn't adjust the
time smoothly. I guess you don't want to always adjust the time
smoothly since you want people to be able to get started right away,
but I think that if their clock is already close enough, it is better
to adjust smoothly (built in kernel feature as I understand it).

Also, C can run slightly faster (not sure if it's significant) and may
be easier to understand since it's a more common language (for me at
least).

For memory protection, I would suggest using kernel hardening such as
PaX from grsecurity [2].

I already started some parts of the code and it seems pretty easy if
you use libcurl.

[1] http://www.vervest.org/fiki/bin/view/HTP/DownloadPerl
[2] https://pax.grsecurity.net

Cheers,
Andrew