Re: Smashing the Stack: prevention?

Thomas H. Ptacek (tqbf@enteract.com)
Tue, 29 Apr 1997 07:03:02 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Shawn Instenes: "Re: Smashing the Stack: prevention?"
Previous message: Thomas H. Ptacek: "Re: SMASHING THE STACK: PREVENTION?"
Maybe in reply to: nate: "Smashing the Stack: prevention?"
Next in thread: Shawn Instenes: "Re: Smashing the Stack: prevention?"

> Not surprisingly, as a next-gen language, Perl already had this stuff
> built in. Arrays and other data structures are dynamically scalable.
> And the "taint" dataflow checking (nothing *from* the outside world

There are fifty-five thousand lines of C code involved in the Perl
interpreter. Any privileged Perl program is executing the entirety of the
Perl interpreter as privileged code. I understand an appreciate Perl's
attention to security with "taint" checking and scaleable datatypes, but I
wouldn't trust a Perl program with an SUID bit for a heartbeat.

----------------
Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf@enteract.com]
----------------
"If you're so special, why aren't you dead?"

Next message: Shawn Instenes: "Re: Smashing the Stack: prevention?"
Previous message: Thomas H. Ptacek: "Re: SMASHING THE STACK: PREVENTION?"
Maybe in reply to: nate: "Smashing the Stack: prevention?"
Next in thread: Shawn Instenes: "Re: Smashing the Stack: prevention?"