Story: Perl flaw more dangerous than thought
This problem is with a function, "printf", which is not unique to Perl, but which is used in other languages such as C and Java. Any language using the printf function is vulnerable, since the problem has to do with how that function works.
The cause of this vulnerability is sloppy programming, in particular, failing to ensure that printf is passed only legitimate data. That is the fault of the programmer, not of Perl, C, or anyone else.
No language can protect against sloppy programming.
This article reminds me of those people who sue knife manufacturers because knives are sharp and they cut themselves.
The moral: If you don't know what you're doing, chances are you're going to get hurt.
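The point in the comment above about what gets passed to printf, shown in C as an added example that is not part of the original comment or story; the function names and the sample input are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* BEFORE: untrusted text is used as the format string itself, so any
 * printf directive inside it is interpreted instead of printed.
 * The pragma silences the compiler's own catch for this pattern
 * (-Wformat-security) so the "before" still builds; keep it on in real code. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
int log_unsafe(char *out, size_t n, const char *untrusted) {
    return snprintf(out, n, untrusted);
}
#pragma GCC diagnostic pop

/* AFTER: the format is a constant; untrusted text is only an argument. */
int log_safe(char *out, size_t n, const char *untrusted) {
    return snprintf(out, n, "%s", untrusted);
}

/* Review aid: number of conversion specifications in a string.
 * Zero means the text reads the same whether used as data or as a format. */
int count_format_specs(const char *s) {
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        n++;
        if (s[1] == '%') s++;   /* "%%" is one specification, not two */
    }
    return n;
}

int main(void) {
    /* Constructed input. "%%" consumes no argument, so even the unsafe
     * call is well defined here, yet the data still comes out altered. */
    const char *input = "disk 100%% full";
    char a[64], b[64];
    log_unsafe(a, sizeof a, input);
    log_safe(b, sizeof b, input);
    printf("unsafe: %s\nsafe:   %s\nspecs:  %d\n",
           a, b, count_format_specs(input));
    return 0;
}
```

Specifications that consume arguments (such as `%x` or `%n`) make the unsafe call undefined behaviour, which is why the sample input sticks to `%%`.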



