Bugtraq mailing list archives

Re: Smashing the Stack: prevention?

From: tqbf () ENTERACT COM (Thomas H. Ptacek)
Date: Tue, 29 Apr 1997 07:03:02 -0500

Not surprisingly, as a next-gen language, Perl already had this stuff
built in.  Arrays and other data structures are dynamically scalable.
And the "taint" dataflow checking (nothing *from* the outside world


There are fifty-five thousand lines of C code involved in the Perl
interpreter. Any privileged Perl program is executing the entirety of the
Perl interpreter as privileged code. I understand an appreciate Perl's
attention to security with "taint" checking and scaleable datatypes, but I
wouldn't trust a Perl program with an SUID bit for a heartbeat.

----------------
Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf () enteract com]
----------------
"If you're so special, why aren't you dead?"

Current thread:

Re: Smashing the Stack: prevention?, (continued)
- Re: Smashing the Stack: prevention? Joe Zbiciak (Apr 28)
- Re: Smashing the Stack: prevention? Daniel Ryde (Apr 28)
- xlock clarification.... David Hedley (Apr 28)
- Re: Smashing the Stack: prevention? Steve Coleman - SEWP (Apr 28)
- Re: Smashing the Stack: prevention? Alexander Snarskii (Apr 28)
- Re: Smashing the Stack: prevention? Michael Shields (Apr 28)
  - Re: Smashing the Stack: prevention? Theo de Raadt (Apr 28)
- Re: Smashing the Stack: prevention? Shawn Instenes (Apr 29)
- Re: Smashing the Stack: prevention? J.R.Valverde (Apr 28)
- Re: Smashing the Stack: prevention? Randal Schwartz (Apr 28)
  - Re: Smashing the Stack: prevention? Thomas H. Ptacek (Apr 29)
- Re: Smashing the Stack: prevention? J.R.Valverde (Apr 29)
- Re: Smashing the Stack: prevention? J.R.Valverde (Apr 29)