Solostian has asked for the wisdom of the Perl Monks concerning the following question:
Hi,
I'm currently following a course on secure programming. Since it's targeted mainly at C/C++/Java programmers, I have a lot of unanswered questions regarding Perl programming.
The most important one I have is related to buffer overflows. My understanding of this kind of exploit is that the runtime memory is accessed in an abnormal way in order to get to sensitive data and/or run arbitrary code. Which brings up the Garbage Collector.
From previous posts, I learned that, for example, using undef on data structures releases the memory back to the Perl interpreter for reuse. The same thing happens when a reference goes out of scope. What I would like to know is what really happens to the bits when the memory is released. Are they all reset to 0? Are they left as is (thus possibly creating an opening following a buffer overflow)? Finally, is memory management the same with scripts converted to executables by perlapp or perl2exe?
Regards,
Solostian
-- "Fortunately, ridicule does not kill..."
Replies are listed 'Best First'.
Re: Garbage Collection & Secure Programming
by VSarkiss (Monsignor) on May 02, 2006 at 15:12 UTC
Re: Garbage Collection & Secure Programming
by zer (Deacon) on May 02, 2006 at 15:04 UTC
Re: Garbage Collection & Secure Programming
by Anonymous Monk on May 03, 2006 at 02:10 UTC
by sgt (Deacon) on May 03, 2006 at 21:28 UTC
Re: Garbage Collection & Secure Programming
by sgifford (Prior) on May 03, 2006 at 05:01 UTC
by rafl (Friar) on May 09, 2006 at 11:41 UTC
Re: Garbage Collection & Secure Programming
by duckyd (Hermit) on May 02, 2006 at 22:51 UTC