"Exploiting Format String Vulnerabilities" [http://www.eecg.toronto.edu/~lie/downloads/formatstring-1.2.pdf]

"Danger level rises for Perl app flaws" [http://news.com.com/Danger+level+rises+for+Perl+flaws/2100-1002_3-5975954.html]

"Format string attack" [http://en.wikipedia.org/wiki/Format_string_attack]

"[What is the advantage of Tcl over Perl]"

----

[schlenk] The core may be safe against format string attacks, but each extension has to take care in using various of the C stdlib string functions to not become vulnerable. The Tcl library just makes the string handling much easier and safer than the basic C lib, so there are nearly no reasons to use many of those functions in a Tcl extension. This higher abstraction level can protect against those low-level flaws, if used wisely.

----

[Category Security]
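
What taking care with the C stdlib string functions looks like in an extension's C code, as an added example that is not part of the wiki page or of Tcl itself: untrusted text is only ever passed as an argument to a constant format. The function names and the sample input are hypothetical and use only the standard C library.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper for an extension written in C: builds the error text
 * for an option name that arrived from the script level (untrusted).
 *
 * Pattern to avoid, shown only as a comment:
 *     snprintf(out, outlen, name);
 * There `name` is parsed as the format, so directives in it make the C
 * library consume arguments the caller never supplied.
 */
int format_bad_option(char *out, size_t outlen, const char *name)
{
    /* Constant format; the untrusted text is only ever an argument. */
    int n = snprintf(out, outlen, "bad option \"%s\"", name);
    /* snprintf returns the length it wanted; report truncation explicitly. */
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

/* Review aid: does untrusted text contain a conversion directive?
 * "%%" is a literal percent sign; anything else after '%', including the
 * end of the string, is treated as a directive. */
int has_format_directive(const char *s)
{
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        return 1;
    }
    return 0;
}

int main(void)
{
    char msg[64];
    const char *input = "%x%x%n";   /* constructed sample input */
    if (format_bad_option(msg, sizeof msg, input) >= 0)
        puts(msg);                  /* directives come out as inert text */
    return 0;
}
```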