[4377] in bugtraq

Re: Smashing the Stack: prevention?

daemon@ATHENA.MIT.EDU (Thomas H. Ptacek)
Tue Apr 29 19:58:11 1997

Date: 	Tue, 29 Apr 1997 07:03:02 -0500
Reply-To: tqbf@enteract.com
From: "Thomas H. Ptacek" <tqbf@ENTERACT.COM>
X-To:         merlyn@STONEHENGE.COM
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <8cafmjb7es.fsf@gadget.cscaper.com> from "Randal Schwartz" at Apr
              28, 97 06:31:39 am

> Not surprisingly, as a next-gen language, Perl already had this stuff
> built in.  Arrays and other data structures are dynamically scalable.
> And the "taint" dataflow checking (nothing *from* the outside world

There are fifty-five thousand lines of C code involved in the Perl
interpreter. Any privileged Perl program is executing the entirety of the
Perl interpreter as privileged code. I understand and appreciate Perl's
attention to security with "taint" checking and scalable datatypes, but I
wouldn't trust a Perl program with an SUID bit for a heartbeat.

----------------
Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf@enteract.com]
----------------
"If you're so special, why aren't you dead?"
