[Israel.pm] perl memory and buffer overflows

Gaal Yahas gaal at forum2.org
Thu Dec 23 13:07:36 PST 2004


amit sides wrote:

> im very intersting at perl secure programing and how to avoid 
> buffer-overflow and how to mange the memory with perl.
> i wonder if you guys know any good guide/book about it.

This kind of bug isn't a normal concern of a Perl programmer. All Perl
data structures grow as needed, so you can't exploitably smash the stack
just by pushing large inputs at perl functions. In fact, Perl does not
*have* automatic variables a la c at all. All variables are allocated on
a heap and managed with reference counting.

Of course, perl itself is implemented in c, and it is quite possible
that perl itself contain buffer overruns. These would probably be hard
to expolit, though, and I haven't heard of any.

For practical advice on securing Perl programs, see the perlsec manual
page.

Gaal

-- 
Gaal Yahas <gaal at forum2.org>
http://gaal.livejournal.com/



More information about the Perl mailing list