[PLUG-TALK] Exploitable Bug in a Programming Language?
Paul Heinlein
heinlein at madboa.com
Thu Jun 2 21:22:14 UTC 2016
On Thu, 2 Jun 2016, Charles Sliger wrote:
> It is certainly possible for a programming language to make writing
> insecure code easier. C does this by design.
The other way a "programming language" can be insecure is by way of
its runtime interpreter or libraries.
True, it's not technically the language that's insecure, but telling
the basic security story to management or the general public would
probably involve a narrative in that direction.
So if the Perl or Java runtime had an exploitable vulnerability, then
Perl or Java would be "insecure." The same issue can arise with any
interpreted language or even (shudder) in a widespread runtime library
like libgcc_s.so.1.
--
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/
More information about the PLUG-talk
mailing list