Dailydave mailing list archives
Re: VisualExploit.py
From: Daryl Tester <Daryl.Tester () iocane com au>
Date: Sat, 26 Feb 2005 12:23:13 +1030
Dave Aitel wrote:
This is more properly called a "Visual Language", not to be confused with Visual Studio.
I've always thought the shining example of a Visual Language is Cube, by Marc Najork et. al. I did a quick Google, but couldn't come up with any "purdee pictures" (if you've got DDJ's Dec 1995 "Visual Programming" issue, it's got a great cover shot of Cube). I'm wondering what the overall effect of "lowering the bar" would be - would vendors then make a more concerted effort to writing "better" (read: more secure) programs before releasing? Would they use the tools themselves? Pehaps you could call it "Pandora's Boxes"? :-)
o Wizards can enforce good coding practices for exploits - even good Python programmers sometimes use str+=str2, which is bad exploit coding practice since it changes string size. (Hi Rich)
I don't think so. Strings are still immutable under Python - all str += str2 gives you is a new str (and the old str is garbage collected). It's still equivalent to str = str + str2. $ python Python 2.3.3 (#1, May 7 2004, 10:31:40) [GCC 3.3.3 20040412 (Red Hat Linux 3.3.3-7)] on linux2 Type "help", "copyright", "credits" or "license" for more information.
str = 'hi' str_ref = str str2 = ' there' print id(str), id(str_ref), id(str2)
-151574432 -151574432 -151574176
str += str2 str
'hi there'
print id(str), id(str_ref), id(str2)
-151574112 -151574432 -151574176 Note that str's id changed, but str_ref's stayed the same. -- Regards, Daryl Tester, Software Wrangler and Bit Herder, IOCANE Pty. Ltd. "I have read of a place where humans do battle in a ring of Jell-O." -- Teal'c, SG-1 _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- VisualExploit.py Dave Aitel (Feb 25)
- Re: VisualExploit.py Isaac Dawson (Feb 25)
- Re: VisualExploit.py Gadi Evron (Feb 25)
- Re: VisualExploit.py Daryl Tester (Feb 25)
- RE: VisualExploit.py Mike Bailey (Feb 25)
- Re: VisualExploit.py Mordy Ovits (Feb 28)
- Re: VisualExploit.py Rodney Thayer (Feb 28)
- Re: VisualExploit.py Dennis Cox (Feb 28)
- <Possible follow-ups>
- Re: VisualExploit.py Jerome ATHIAS (Feb 26)
- Re: VisualExploit.py Isaac Dawson (Feb 25)