develooper Front page | perl.perl5.porters | Postings from November 2005

Perl PR: "Security holes in Sys::Syslog"

Thread Next
From:
Andy Lester
Date:
November 29, 2005 21:05
Subject:
Perl PR: "Security holes in Sys::Syslog"
Message ID:
64C232E4-1359-4223-9B66-5CCFC82500D5@petdance.com
Thanks to Steve Peters to pointing me to this article, blaming "Perl  
flaws."

http://news.com.com/2100-1002_3-5975954.html

Apparently, webmin is vulnerable to nasty format strings passed to  
Sys::Syslog.

As PR guy for The Perl Foundation, I'm going to put something  
together that refutes this, and gives an explanation of why Perl  
doesn't have a security hole.   (Or, if necessary, why it is a  
security hole and what we're going to do about it)

I'd appreciate any tech details you fine p5pers can supply,  
especially if this is something that we've visited before in the past.

Thanks,
Andy


-- 
Andy Lester => andy@petdance.com => www.petdance.com => AIM:petdance



Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About