Once upon a time, Valeri Galtsev galtsev@kicp.uchicago.edu said:
Indeed, perl and often python are installed on most of servers I run. Not considering myself security expert, I would like to ask: could you point to some elevation of privileges exploit written in perl or python? All I've seen were c/c++, but again I'm just a humble sysadmin.
That wasn't the point; the point was that users can only run system binaries so they can only do what is "permitted". I don't know about python, but perl can make arbitrary kernel system calls (even if they aren't actually supported by perl), so having perl installed allows users to do anything a compiled program can do. Trying to control what users can do by mounting "noexec" is not particularly limiting, at least to somebody determined.
So it may be harder/more cumbersome/etc., but I believe that you could write exploits in perl or python; it just isn't commonly done in examples because of the extra work (it's also probably harder to read).