Outright interpreting strings as code is more directly/reliably RCE-yielding than overwriting addresses with out-of-bound writes.
-
Proposed security metric for a language: performance ratio of native code vs fastest known "eval" you can achieve.
-
The idea being that, the slower the best achievable eval is compared to native code in the language, the less likely programmers are to try writing it.
-
I can't think of any proposed systems languages that support eval. The languages that have some serious work ongoing are Go, Rust, C++, OCaml.
-
system("gcc..."); dlopen(...); >_<
-
No one installs gcc in production.
-
And don't forget Gentoo users... ;-)