Bugtraq mailing list archives

Re: Smashing the Stack: prevention?
From: tqbf () ENTERACT COM (Thomas H. Ptacek)
Date: Tue, 29 Apr 1997 07:03:02 -0500

Not surprisingly, as a next-gen language, Perl already had this stuff
built in.  Arrays and other data structures are dynamically scalable.
And the "taint" dataflow checking (nothing *from* the outside world

There are fifty-five thousand lines of C code involved in the Perl
interpreter. Any privileged Perl program is executing the entirety of the
Perl interpreter as privileged code. I understand and appreciate Perl's
attention to security with "taint" checking and scalable datatypes, but I
wouldn't trust a Perl program with an SUID bit for a heartbeat.

Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf () enteract com]
"If you're so special, why aren't you dead?"
