Re: How to write a secure C program..

To: Ilya Martynov <m_ilya@agava.com>
Cc: SDiZ Cheng <sdiz@uhome.net>, debian-security@lists.debian.org
Subject: Re: How to write a secure C program..
From: Nick Phillips <nwp@lemon-computing.com>
Date: Thu, 5 Jul 2001 13:02:54 +0100
Message-id: <[🔎] 20010705130254.D13403@redshift.lemon-computing.com>
In-reply-to: <[🔎] 87elry5hlm.fsf@juil.domain>; from m_ilya@agava.com on Tue, Jul 03, 2001 at 04:20:53PM +0400
References: <[🔎] 00c701c10399$58f4c380$0300a8c0@linux> <[🔎] 20010703103444.A20552@tik.ee.ethz.ch> <[🔎] 01d501c103a5$bbe7c3a0$0300a8c0@linux> <[🔎] 87elry5hlm.fsf@juil.domain>

On Tue, Jul 03, 2001 at 04:20:53PM +0400, Ilya Martynov wrote:

> AFAIK there is no known buffer overflow problem in perl functions. It
> is a very good idea to use tainted mode for Perl programs which should
> be run in dangerous environment. Check 'man perlsec' for more info.

Also read Phrack #55, art. 7 -- available at www.phrack.org.

Anyone using perl for anything vaguely secure should read this NOW if
they haven't already.

And think about all the other possibilities, too...

-- 
Nick Phillips -- nwp@lemon-computing.com
It's lucky you're going so slowly, because you're going in the wrong direction.

Reply to:

References:
- How to write a secure C program..
  - From: "SDiZ Cheng" <sdiz@uhome.net>
- Re: How to write a secure C program..
  - From: Lukas Ruf <ruf@tik.ee.ethz.ch>
- Re: How to write a secure C program..
  - From: "SDiZ Cheng" <sdiz@uhome.net>
- Re: How to write a secure C program..
  - From: Ilya Martynov <m_ilya@agava.com>

Prev by Date: w3m on security.debian.org broken
Next by Date: Re: How to write a secure C program..
Previous by thread: Re: How to write a secure C program..
Next by thread: Re: How to write a secure C program..
Index(es):
- Date
- Thread