Re: Privilege-escalation attacks on NT-based Windows are unfixable

From:
Date: 08/29/02


Date: Thu, 29 Aug 2002 05:19:48 -0400

Casper H.S. Dik wrote:
>
> Benjamin Goldberg <goldbb2@earthlink.net> writes:
>
> >The Perl programming language, with taint checking enabled, comes
> >pretty close to being a secure programming language.
>
> But it has all the same problems as other complicated runtime
> environments; they're impossible to "get right"; witness the buffer
> overflows and other security bugs in the perl interpreter proper.

Which perl version are you talking about? ISTR that 5.6.0 had many such
bugs, most of which were fixed in 5.6.1.

The most recent perl version is 5.8.0; if any of the buffer overflows
and security bugs that existed in older perls still exist in this most
recent perl, I would be seriously surprised.

Of course, this being a relatively new version, there are surely many
new and improved bugs, possibly including buffer overflows, but the old
bugs ought to be gone :)

-- 
tr/`4/ /d, print "@{[map --$| ? ucfirst lc : lc, split]},\n" for
pack 'u', pack 'H*', 'ab5cf4021bafd28972030972b00a218eb9720000';