|Do you know where your variables are?|
Garbage Collection & Secure Programmingby Solostian (Beadle)
|on May 02, 2006 at 14:33 UTC||Need Help??|
Solostian has asked for the
wisdom of the Perl Monks concerning the following question:
I'm currently following a course on secure programming. Since it's targeted mainly at C/C++/Java programmers, I have a lot of unanswered questions regarding Perl programming.
The most important one I have is related to buffer overflows. My understanding of this kind of exploit is that the runtime memory is accessed in an abnormal way in order to get to sensitive data and/or run arbitrary code. Which brings up the Garbage Collector.
From previous posts, I learned that, for exemple, using undef on data structures releases the memory back to the Perl interpreter for reuse. The same thing happens when a reference goes out of scope. What I would like to know is what reallly happens to the bits when the memory is released. Are the all reset to 0? Are they left as is (thus possibly creating an opening following a buffer overflow)? Finally, is memory management the same with scripts converted to executables by perlapp or perl2exe?
-- "Fortunately, ridicule does not kill..."