[4363] in bugtraq
Re: Smashing the Stack: prevention?
daemon@ATHENA.MIT.EDU (Randal Schwartz)
Tue Apr 29 00:12:35 1997
Date: Mon, 28 Apr 1997 06:31:39 -0700
Reply-To: Randal Schwartz <merlyn@STONEHENGE.COM>
From: Randal Schwartz <merlyn@STONEHENGE.COM>
X-To: nate <nate@MILLCOMM.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: nate's message of Sun, 27 Apr 1997 20:31:55 -0400
>>>>> "nate" == nate <nate@MILLCOMM.COM> writes:
nate> 2. 'hmm. what if you change the compiler?'
nate> C compilers could be modified to do bounds checking, and/or
nate> problem functions could be made to complain to the user at compile time.
Not surprisingly, as a next-gen language, Perl already had this stuff
built in. Arrays and other data structures are dynamically scalable.
And the "taint" dataflow checking (nothing *from* the outside world
could influence actions *to* the outside world without explicit
"cleansing") has been in there since Perl version 2 (1988). Perl 5
introduced the notion of running code in an arbitrary "Safe" box,
providing interfaces that mimic system functions. You could write a
setuid script that executes nearly everything insde the box, then
calls controlled "through the box wall" functions to perform I/O or
launch processes.
Yes, there was the CERT-able hole two years ago because Larry got an
#ifdef backwards on a platform he didn't have access to, and the
recent one where a *libc* routine couldn't handle the arbitrary-sized
data that Perl was handing it. We have efforts going on in the Perl
developer groups to stamp the rest of those out. (And yes, there are
apparently a few others. Durn libc. :-)
So, if you want to write a secure toy, and you want to write it in 1/3
to 1/5 the number of lines of code of C, and you want it to be secure,
just use Perl.
--
Name: Randal L. Schwartz / Stonehenge Consulting Services (503)777-0095
Keywords: Perl training, UNIX[tm] consulting, video production, skiing, flying
Email: <merlyn@stonehenge.com> Snail: (Call) PGP-Key: (finger merlyn@ora.com)
Web: <A HREF="http://www.stonehenge.com/merlyn/">My Home Page!</A>
Quote: "I'm telling you, if I could have five lines in my .sig, I would!" -- me
