Re: Privilege-escalation attacks on NT-based Windows are unfixable

From:
Date: 08/29/02


Date: Thu, 29 Aug 2002 05:19:48 -0400

Casper H.S. Dik wrote:
>
> Benjamin Goldberg <goldbb2@earthlink.net> writes:
>
> >The Perl programming language, with taint checking enabled, comes
> >pretty close to being a secure programming language.
>
> But it has all the same problems as other complicated runtime
> environments; they're impossible to "get right"; witness the buffer
> overflows and other security bugs in the perl interpreter proper.

Which perl version are you talking about? ISTR that 5.6.0 had many such
bugs, most of which were fixed in 5.6.1.

The most recent perl version is 5.8.0; if any of the buffer overflows
and security bugs that existed in older perls still exist in this most
recent perl, I would be seriously surprised.

Of course, this being a relatively new version, there are surely many
new and improved bugs, possibly including buffer overflows, but the old
bugs ought to be gone :)

-- 
tr/`4/ /d, print "@{[map --$| ? ucfirst lc : lc, split]},\n" for
pack 'u', pack 'H*', 'ab5cf4021bafd28972030972b00a218eb9720000';


