[Phoenix-pm] perl eval and the No Execute chips

Scott Walters scott at
Wed Sep 13 09:53:28 PDT 2006


Of course, the article doesn't mention that other architectures have
had that for years and years.  Slashdot has a bad habit of publishing
every lame press release that gets sent to them, no matter how innane
or physically impossible (I have a list somewhere of the various times they've
published PR releases from pump-and-dump scanm companies claiming to have
invented the single atom transistor, which makes about as much sense
as an atomic canary).

Yes.  Don't use eval.  Higher level langauges, such as Perl, and
really, anything other than C, C++, and B, aren't vulnerable to
buffer overflows (the underlying problem).  Of course, if the language is
implemented in C, the implementation of the language might have a buffer 
overflow, or off by one error on a buffer, or range error, such as
with the recent sprintf exploit for Perl.

Seriously though, you should Google up the old Phrack article, "smashing
the stack for fun and profit".  It's as good as intro into this extremely
prevailent problem that all programmers should understand.

-scott

On  0, Jerry Davis <jdawgaz at cox.net> wrote:
> I was reading an article through /. about Security, and I quote a
> little from the article:
> 
> "Aitel cited the NX (No eXecute) technology being built into chips from
> Intel and Advanced Micro Devices that will effectively prevent code
> execution within data pages such as default heaps, stacks and memory
> pools."
> 
> What if any effect will this new technology have on scripted languages
> like perl?
> 
> Just wondering here.
> 
> Jerry
> 
> -- 
> Happy Trails!
>  
> Hobbit Name: Pimpernel Loamsdown
> Registered Linux User: 275424
>  
> Jeep Motto #2: Paved Roads Are a Fine Example of Needless Government
> Spending!
> _______________________________________________
> Phoenix-pm mailing list
> Phoenix-pm at pm.org
> http://mail.pm.org/mailman/listinfo/phoenix-pm


More information about the Phoenix-pm mailing list