Re: Security Issues in perl-5.16.x

From: David Golden
Date: October 2, 2012 18:24
Subject: Re: Security Issues in perl-5.16.x
Message ID: CAOeq1c_tXgkFZpXg2FHCz=vfOfCHGHwiKRCXOXTV-U54OS221A@mail.gmail.com

On Tue, Oct 2, 2012 at 8:14 PM, Chip Salzenberg <rev.chip@gmail.com> wrote:
> On Tue, Oct 2, 2012 at 4:43 PM, demerphq <demerphq@gmail.com> wrote:
>> It is not clear to me that nulls in package
>> names are intrinsically safe so for the sake of this discussion I am
>> assuming they are not.
>
> The primary question here, raised in annoying and roundabout fashion
> by Reini -- again -- is whether NULs in package names and/or open
> calls are in fact safe.  So you should not assume the conclusion;
> that's a serious logical fallacy.

Let's not assume it as a conclusion.

Let's assume it as a hypothesis:  *If* NULs in package names are not
safe, then how could an attacker exploit that fact?

I have yet to see any convincing explanation of a mechanism and people
seem very quick to get distracted by whether it's FUD or not or
whether we should just strip/warn/die for good measure.

Let's go further and assume that taint checking is on.

Admittedly, I have neither a white nor black hat, so am at risk of
talking out my ass about this, but an exploit would seem to need the
following:

(1) Attacker needs a way to get a "payload" of malicious data into memory
(2) Attacker needs a way to execute said payload

Does the NUL issue relate to #1 or #2?  If so, how?

David

-- 
David Golden <xdg@xdg.me>
Take back your inbox! → http://www.bunchmail.com/
Twitter/IRC: @xdg
