mailing list archives
Re: Smashing the Stack: prevention?
From: tqbf () ENTERACT COM (Thomas H. Ptacek)
Date: Tue, 29 Apr 1997 07:03:02 -0500
Not surprisingly, as a next-gen language, Perl already had this stuff
built in. Arrays and other data structures are dynamically scalable.
And the "taint" dataflow checking (nothing *from* the outside world
There are fifty-five thousand lines of C code involved in the Perl
interpreter. Any privileged Perl program is executing the entirety of the
Perl interpreter as privileged code. I understand an appreciate Perl's
attention to security with "taint" checking and scaleable datatypes, but I
wouldn't trust a Perl program with an SUID bit for a heartbeat.
Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf () enteract com]
"If you're so special, why aren't you dead?"
- Re: Smashing the Stack: prevention?, (continued)