by rainforest
2125 days ago
Yes, if there was a library that eval'd unsanitised input the damage potential is the same. The practical difference is that it's a lot harder to assure code written in unsafe languages is free of defects like this since they manifest as benign operations (every write to a buffer is a potential vector) rather than obviously dangerous operations. Concretely, you could grep for eval and convince yourself that each use is OK (assuming it's rare - it ought to be) but you couldn't do that for common language constructs that could be exploitable like writes to arrays/pointers.
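The distinction drawn above, as an added C example that is not part of the thread or of any library it discusses: a field copier made entirely of ordinary array stores, which no grep for `eval`, `strcpy` or `system` would flag, beside a version that carries its bound in the interface. The names (`copy_field_unchecked`, `copy_field_checked`, `FIELD_LEN`), the record layout with sentinel bytes after the field, and the inputs are all constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout: a 16-byte name field with 8 sentinel bytes placed right
   after it, standing in for whatever neighbouring data a real record holds. */
#define FIELD_LEN 16
#define SENTINEL  "SSSSSSSS"
#define SENT_LEN  8

/* Hypothetical parser routine. Every statement is an ordinary array store and
   there is no "known dangerous" function call to grep for, yet the loop writes
   as many bytes as the input has: the bound lives only in the caller's head. */
static void copy_field_unchecked(char *dst, const char *src)
{
    size_t i = 0;
    while (src[i] != '\0') {
        dst[i] = src[i];
        i++;
    }
    dst[i] = '\0';
}

/* Hardened form: the destination size is part of the interface, the write is
   bounded by it, and over-long input is rejected (-1) rather than silently
   truncated, so the caller cannot forget the check. */
static int copy_field_checked(char *dst, size_t dstlen, const char *src)
{
    size_t n = strlen(src);
    if (dstlen == 0 || n >= dstlen)   /* need room for n bytes plus the NUL */
        return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

/* Copies `input` into the name field with the unchecked routine and reports
   whether the sentinel after the field was clobbered (1) or survived (0).
   Inputs must be shorter than FIELD_LEN + SENT_LEN so the demo itself stays
   inside the backing array: the overrun is confined to the sentinel bytes. */
int unchecked_clobbers_neighbour(const char *input)
{
    char region[FIELD_LEN + SENT_LEN];
    memset(region, 'S', sizeof region);
    copy_field_unchecked(region, input);
    return memcmp(region + FIELD_LEN, SENTINEL, SENT_LEN) != 0;
}

/* Same layout with the checked routine: returns its result (0 accepted,
   -1 rejected), or -2 if the sentinel was touched, which must never happen. */
int checked_result(const char *input)
{
    char region[FIELD_LEN + SENT_LEN];
    memset(region, 'S', sizeof region);
    int rc = copy_field_checked(region, FIELD_LEN, input);
    if (memcmp(region + FIELD_LEN, SENTINEL, SENT_LEN) != 0)
        return -2;
    return rc;
}

int main(void)
{
    /* Constructed inputs: two that fit the field, two that do not. */
    const char *inputs[] = { "rainforest", "exactly15chars!",
                             "exactly16chars!!", "this-name-is-too-long" };
    for (size_t k = 0; k < sizeof inputs / sizeof inputs[0]; k++) {
        printf("%-22s unchecked clobbers neighbour: %d   checked: %d\n",
               inputs[k], unchecked_clobbers_neighbour(inputs[k]),
               checked_result(inputs[k]));
    }
    return 0;
}
```

The 16-character input is the instructive case: the copy itself stays within the field, and only the terminating NUL lands one byte past it, which is exactly the kind of defect that reads as a benign store in review. The checked version rejects it because the size it is handed accounts for the terminator.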