comment on

Perl has a potential buffer overflow problem. So does C, and in my opinion, any language based on C.

My major complaint with the line of thinking in this article -- that security should be built in at a fairly high level (and Perl is a high level language) -- is that it, by inference, absolves the O/S of responsibility for not permitting buffer overflows to cause problems. My experience on various flavors of MVS and VM was that any attempt by an application program to access memory outside of its data allocation resulted in immediate termination; data could not be executed as "code" nor could somebody else's memory be accessed.

Should buffer overflows be prevented at the language level? Sure; it's easy in a language without dynamic allocations and doable in a language with dynamic allocations.

emc

Visit Netlib

In reply to Re: eWeek article: Is a New Vulnerability the Tip of the Perl Iceberg? by swampyankee
in thread eWeek article: Is a New Vulnerability the Tip of the Perl Iceberg? by marto

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.