in reply to Attack on Perl or Perl's need better PR (again)

The current consensus on p5p seems to be that there are buffer overrun issues in Perl. And while those are not exactly the same as the webmin bug, they are certainly related. (It's a buffer overrun when using sprintf formats using "%<LARGE_NUMBER>d").

To add insult to injury, while this problem exists in other languages like C, it doesn't exist in all languages. Python seems to catch it.

Perl --((8:>*

Re^2: Attack on Perl or Perl's need better PR (again)
by wazoox (Prior) on Dec 01, 2005 at 10:57 UTC

    So there are bugs in Perl? Astounding :) However I regret the way the problem was announced as a major security flaw, while there isn't actually any evidence of this (except the webmin bug, but webmin is notoriously insecure anyway).

      However I regret the way the problem was announced as a major security flaw, while there isn't actually any evidence of this (except the webmin bug, but webmin is notoriously insecure anyway).
      As pointed out elsewhere in this thread, p5p disagrees with you. There is a nasty buffer overrun in Perl. Webmin isn't free of blame, it does have security issues itself, but as one person on p5p stated "if there was no bug in perl, the bug in webmin could at most lead to a DOS attack. However, with the overrun bug in Perl, the flaw in Webmin may leave your box 0wned".

      There is a nasty security bug in Perl, and it took a security bug in Webmin to uncover it.

      Perl --((8:>*