Re: Obfuscation and viruses

Agreed. For that matter, as other monks have pointed out before (Dominus in particular, if I recall correctly), how often do you check the code in CPAN modules? They could also easily contain malicious code. I know I rarely (I'd say never, but I've checked at least once) see what the source says before I try using the module...

Comment on Re: Obfuscation and viruses

Replies are listed 'Best First'.
Re: Re: Obfuscation and viruses by jepri (Parson) on Jun 18, 2001 at 03:39 UTC
I never check, but I figure I'd hear about it pretty fast if there were a problem. Accountability is a factor here, since it would be possible to track down a submitter and slap them with a large-sized lawsuit. Also, the CPAN testers would be likely to spot a script that did nasty things. Finally, Perl should run with the permissions of the caller, so a malicious module would still be unable to affect the entire system. I do agree with the basic fear though. A module that is useful to root user could be booby trapped to mail /etc/password and the computers IP to a USENET group or something similar. ____________________ Jeremy I didn't believe in evil until I dated it.	[reply]

Replies are listed 'Best First'.

Re: Re: Obfuscation and viruses
by jepri (Parson) on Jun 18, 2001 at 03:39 UTC

Also, the CPAN testers would be likely to spot a script that did nasty things.

Finally, Perl should run with the permissions of the caller, so a malicious module would still be unable to affect the entire system.

I do agree with the basic fear though. A module that is useful to root user could be booby trapped to mail /etc/password and the computers IP to a USENET group or something similar.

____________________
Jeremy
I didn't believe in evil until I dated it.

[reply]