[Israel.pm] perl memory and buffer overflows

amit sides DiAblo_2 at 012.net.il
Sun Dec 26 13:11:29 PST 2004


Gaal Yahas wrote:

> amit sides wrote:
>
>>>> I'm very interested in Perl secure programming and how to avoid
>>>> buffer overflows and how to manage memory with Perl.
>>>> I wonder if you guys know any good guide/book about it.
>>>
>>>
>>> This kind of bug isn't a normal concern of a Perl programmer. All Perl
>>> data structures grow as needed, so you can't exploitably smash the stack
>>> just by pushing large inputs at perl functions. In fact, Perl does not
>>> *have* automatic variables a la C at all. All variables are allocated on
>>> a heap and managed with reference counting.
>>
>>
>> Can't I overflow the heap, and overwrite the Perl code there with my
>> code?
>
>
> Theoretically yes, but it takes a bug in the perl interpreter, not in
> the particular Perl program you are attacking; in that case there's not
> much difference if you're overflowing the heap or the stack, since
> neither should happen "easily".
>
I'm not looking for big bugs in the general Perl interpreter... I just
want to know about possible bugs that can be caused by my programming...
and that people can use to buffer overflow my code... I see a lot of
exploits out there that are used to buffer overflow open source programs
like 'open webmail', 'webmin', etc...
What does this shell code that they send mean, then?




