That said, my point is this: the amount of damage you can do from a
"native" program is greater than the damage you can achieve from a
script language, afaik.
This is not the case, unfortunately. There are already a lot of
exploits written in Perl, Python. Just google for "perl exploit" or
something similar. And this exploits are not like "construct proper GET
request for another SQL injection", but complicated buffer-overflowing
ones. Also exists some tutorials like this:
http://community.core-sdi.com/~juliano/withperl.txt
At least a privilege escalation should be
harder to obtain. I'm not sure about some languages such as Perl, though.
As was said above, perfoming privilege escalation in scripting
languages is not harder than in C, for example.
So, using "noexec" option for preventing malicious code from
execution is not desirable.
--
wbr,
Vasiliy
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
