Re^2: Attack on Perl or Perl's need better PR (again)

So there are bugs in Perl? Astounding :) However I regret the way the problem was announced as a major security flaw, while there isn't actually any evidence of this (except the webmin bug, but webmin is notoriously insecure anyway).

Comment on Re^2: Attack on Perl or Perl's need better PR (again)

Replies are listed 'Best First'.
Re^3: Attack on Perl or Perl's need better PR (again) by Perl Mouse (Chaplain) on Dec 01, 2005 at 11:33 UTC
However I regret the way the problem was announced as a major security flaw, while there isn't actually any evidence of this (except the webmin bug, but webmin is notoriously insecure anyway). As pointed out elsewhere in this thread, p5p disagrees with you. There is a nasty buffer overrun in Perl. Webmin isn't free of blame, it does have a security issues itself, but as one person on p5p stated "if there was no bug in perl, the bug in webmin could at most lead to a DOS attack. However, with the overrun bug in Perl, the flaw in Webmin may leave your boxed 0wned". There is a nasty security bug in Perl, and it took a security bug in Webmin to uncover it. `Perl --((8:>*`	[reply]

Replies are listed 'Best First'.

Re^3: Attack on Perl or Perl's need better PR (again)
by Perl Mouse (Chaplain) on Dec 01, 2005 at 11:33 UTC

However I regret the way the problem was announced as a major security flaw, while there isn't actually any evidence of this (except the webmin bug, but webmin is notoriously insecure anyway).

There is a nasty security bug in Perl, and it took a security bug in Webmin to uncover it.

Perl --((8:>*

[reply]