[PLUG-TALK] Exploitable Bug in a Programming Language?

Paul Heinlein heinlein at madboa.com
Thu Jun 2 14:22:14 PDT 2016


On Thu, 2 Jun 2016, Charles Sliger wrote:

> It is certainly possible for a programming language to make writing 
> insecure code easier.  C does this by design.

The other way a "programming language" can be insecure is by way of 
its runtime interpreter or libraries.

True, it's not technically the language that's insecure, but telling 
the basic security story to management or the general public would 
probably involve a narrative in that direction.

So if the Perl or Java runtime had an exploitable vulnerability, then 
Perl or Java would be "insecure." The same issue can arise with any 
interpreted language or even (shudder) in a widespread runtime library 
like libgcc_s.so.1.

-- 
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/



More information about the PLUG-talk mailing list