in reply to Morality of posting Perl "virus" code?

This code (at least what I saw before it was removed) was not the most complicated Perl in the world. And from what I understood of it, the virus was painfully obvious. It was certainly clearly written and documented. Imagine the same thing in obfuscated form, that didn't simply insert itself at the top of a script where you can see it.

I don't think posting this code is immoral, and I think censoring the discussion is. Imagine if SecurityFocus incident reports were as crippled as the above discussion. The exploit description would be worthless, since only those in the "inner circle" would even know what was happening.

That said, I find this interesting because it raises the question of how to defend against this. Given crackings at places like SourceForge, is it so hard to imagine trojaned scripts out there?

Nothing I could come up with off the top of my head would be surefire, but is there a way to embed an MD5 hash into a script and perhaps use a module to test the script against the hash and exit on non-validation?

    #!/usr/bin/perl -wT
    use strict;
    print "Hello, world!\n";

run hello.pl through validatination.pl to get

    #!/usr/bin/perl -wT
    use strict;
    #example of MD5 protection
    use Validate::MD5;
    print "Hello, world!\n";
    #not a real hash this is off the top of my head
    __HASH__
    1A2E8584399E234F290C

Re: (ichimunki) Re: Immoral?
by bikeNomad (Priest) on Jun 27, 2001 at 20:13 UTC
    If you're concerned about someone editing your scripts, you sure don't want to put a hash in them. You'd want it somewhere else, so if the script were compromised, the hash could detect it.
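
The difference between the two approaches in this thread, as an added example that is not code from either poster: a digest embedded in the script still validates after someone with write access edits the file and re-seals it, while a digest kept in a separate file catches the change. Assumptions: SHA-256 via the core Digest::SHA module stands in for the MD5 mentioned above, `__END__` stands in for the post's `__HASH__` marker, and the script contents, file names and helper names are constructed for illustration.

```perl
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);
use File::Temp qw(tempdir);

sub slurp {    # read a whole file as raw bytes
    my ($path) = @_;
    open my $fh, '<:raw', $path or die "open $path: $!";
    local $/;
    return scalar <$fh>;
}
sub spew {     # overwrite a file with raw bytes
    my ($path, $data) = @_;
    open my $fh, '>:raw', $path or die "open $path: $!";
    print {$fh} $data;
    close $fh or die "close $path: $!";
}

# Embedded scheme: the digest of everything above __END__ is stored below it.
sub seal_embedded { my ($body) = @_; return $body . "__END__\n" . sha256_hex($body) . "\n" }
sub check_embedded {
    my ($text) = @_;
    my ($body, $digest) = $text =~ /\A(.*)^__END__\n([0-9a-f]{64})\n\z/ms or return 0;
    return sha256_hex($body) eq $digest;
}

# External scheme: the digest is kept in a separate manifest file.
sub check_external {
    my ($script, $manifest) = @_;
    my ($want) = slurp($manifest) =~ /\A([0-9a-f]{64})$/m or return 0;
    return sha256_hex(slurp($script)) eq $want;
}

sub report {
    my ($label, $script, $manifest) = @_;
    printf "%-9s embedded=%s external=%s\n", $label,
        map { $_ ? 'ok' : 'FAIL' } check_embedded(slurp($script)), check_external($script, $manifest);
}

my $dir = tempdir(CLEANUP => 1);
my ($script, $manifest) = ("$dir/hello.pl", "$dir/hello.pl.sha256");
my $body = qq{#!/usr/bin/perl -wT\nuse strict;\nprint "Hello, world!\\n";\n};
spew($script, seal_embedded($body));
spew($manifest, sha256_hex(slurp($script)) . "\n");
report('clean:', $script, $manifest);
# Constructed tampering: body edited and embedded digest re-sealed; manifest not updated.
spew($script, seal_embedded($body . "# line added after release\n"));
report('tampered:', $script, $manifest);
```

The external check only helps if the manifest is stored where whoever can write the script cannot also write the manifest; here a second file in the same temporary directory merely stands in for that.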