Perl PR: "Security holes in Sys::Syslog"

Thanks to Steve Peters to pointing me to this article, blaming "Perl  
flaws."

http://news.com.com/2100-1002_3-5975954.html

Apparently, webmin is vulnerable to nasty format strings passed to  
Sys::Syslog.

As PR guy for The Perl Foundation, I'm going to put something  
together that refutes this, and gives an explanation of why Perl  
doesn't have a security hole.   (Or, if necessary, why it is a  
security hole and what we're going to do about it)

I'd appreciate any tech details you fine p5pers can supply,  
especially if this is something that we've visited before in the past.

Thanks,
Andy


-- 
Andy Lester => andy@petdance.com => www.petdance.com => AIM:petdance

• Perl PR: "Security holes in Sys::Syslog" by Andy Lester
• Re: Perl PR: "Security holes in Sys::Syslog" by dreamwvr
• Re: Perl PR: "Security holes in Sys::Syslog" by Dave Mitchell
• Re: Perl PR: "Security holes in Sys::Syslog" by Nicholas Clark
• Re: Perl PR: "Security holes in Sys::Syslog" by Gisle Aas
• Re: Perl PR: "Security holes in Sys::Syslog" by Gisle Aas
• [PATCH] Disable constant folding of sprintf by Gisle Aas
• Re: [PATCH] Disable constant folding of sprintf by hv
• Re: [PATCH] Disable constant folding of sprintf by Nicholas Clark
• Re: [PATCH] Disable constant folding of sprintf by Andy Lester
• Re: [PATCH] Disable constant folding of sprintf by Steve Peters
• Re: [PATCH] Disable constant folding of sprintf by Rafael Garcia-Suarez
• Re: Perl PR: "Security holes in Sys::Syslog" by Rafael Garcia-Suarez
• Re: Perl PR: "Security holes in Sys::Syslog" by Gisle Aas
• Re: Perl PR: "Security holes in Sys::Syslog" by Ronald J Kimball
• RE: Perl PR: "Security holes in Sys::Syslog" by Jan Dubois
• Re: Perl PR: "Security holes in Sys::Syslog" by Ronald J Kimball
• Re: Perl PR: "Security holes in Sys::Syslog" by Gisle Aas
• Re: Perl PR: "Security holes in Sys::Syslog" by Rafael Garcia-Suarez
• sprintf patches by Andy Lester
• Re: sprintf patches by Rafael Garcia-Suarez
• Re: sprintf patches by Nicholas Clark
• Re: sprintf patches by Brendan O'Dea
• Re: sprintf patches by Nicholas Clark
• Re: sprintf patches by H.Merijn Brand
• Re: sprintf patches by Steve Peters
• Re: sprintf patches by Jason Vas Dias
• Re: sprintf patches by Nicholas Clark
• Re: sprintf patches by Brendan O'Dea
• Re: sprintf patches by Nicholas Clark
• Re: sprintf patches by Dominic Dunlop
• Re: sprintf patches by Dominic Dunlop
• Re: sprintf patches by Dominic Dunlop
• Re: sprintf patches by Nicholas Clark
• Re: sprintf patches by Andrew Dougherty
• Re: sprintf patches by Nicholas Clark
• Re: sprintf patches by Dominic Dunlop
• Re: sprintf patches by Nicholas Clark
• Re: sprintf patches by Nicholas Clark
• Re: sprintf patches by Steve Hay
• Re: sprintf patches by Nicholas Clark
• Re: sprintf patches by Steve Hay
• Re: sprintf patches by Nicholas Clark
• Re: sprintf patches by Nicholas Clark
• Re: sprintf patches by Andy Dougherty
• Re: sprintf patches by Dominic Dunlop
• Re: sprintf patches by Nicholas Clark
• Re: sprintf patches by Andy Dougherty
• RE: Perl PR: "Security holes in Sys::Syslog" by Jan Dubois
• Re: Perl PR: "Security holes in Sys::Syslog" by Gisle Aas
• RE: Perl PR: "Security holes in Sys::Syslog" by Jan Dubois
• Re: Perl PR: "Security holes in Sys::Syslog" by Ronald J Kimball
• Re: Perl PR: "Security holes in Sys::Syslog" by Gisle Aas
• Re: Perl PR: "Security holes in Sys::Syslog" by Rafael Garcia-Suarez
• Re: Perl PR: "Security holes in Sys::Syslog" by Gisle Aas
• Re: Perl PR: "Security holes in Sys::Syslog" by Dave Mitchell
• Re: Perl PR: "Security holes in Sys::Syslog" by hv
• Re: Perl PR: "Security holes in Sys::Syslog" by Nicholas Clark
• Re: Perl PR: "Security holes in Sys::Syslog" by hv
• Re: Perl PR: "Security holes in Sys::Syslog" by Gisle Aas
• Re: Perl PR: "Security holes in Sys::Syslog" by Andy Lester
• Re: Perl PR: "Security holes in Sys::Syslog" by Gisle Aas
• [patch] Re: Perl PR: "Security holes in Sys::Syslog" by Philippe M. Chiasson
• Re: [patch] Re: Perl PR: "Security holes in Sys::Syslog" by Allen Smith
• Re: [patch] Re: Perl PR: "Security holes in Sys::Syslog" by Rafael Garcia-Suarez
• Re: [patch] Re: Perl PR: "Security holes in Sys::Syslog" by Gisle Aas
• [PATCH] Re: Perl PR: "Security holes in Sys::Syslog" by Gisle Aas
• RE: [PATCH] Re: Perl PR: "Security holes in Sys::Syslog" by Jan Dubois
• Re: [PATCH] Re: Perl PR: "Security holes in Sys::Syslog" by Rafael Garcia-Suarez
• Re: [PATCH] Re: Perl PR: "Security holes in Sys::Syslog" by Nicholas Clark
• RE: [PATCH] Re: Perl PR: "Security holes in Sys::Syslog" by Jan Dubois
• Re: [PATCH] Re: Perl PR: "Security holes in Sys::Syslog" by Rafael Garcia-Suarez
• Re: [PATCH] Re: Perl PR: "Security holes in Sys::Syslog" by Rafael Garcia-Suarez
• [PATCH] Suppress "0b" prefix for sprintf("%#b", 0) by Gisle Aas
• Re: Perl PR: "Security holes in Sys::Syslog" by Adriano Ferreira