in reply to Virus protection for Perl scripts

If someone feels up to it, the right way to do this is to write a module that will take each file it is used in and check a PGP signature against a list of known valid PGP signatures. It would skip any file with a known MD5 signature. The list of MD5 signatures would, of course, correspond to the existing installed modules and the list of PGP signatures would correspond to the public keys of authorized developers. Both lists would be installed by root and therefore could not easily be modified by users. (You need two lists because you might run into trouble if you alter existing installed modules. PGP allows people to sign modules. MD5 avoids having to change the module.)

It is easy to use this module liberally. What should be doable is modifying perl to insert the check for every single file that is loaded.

This anti-virus protection would take some work, would be a pain in the rear end, and would slow Perl. But you could at long last sleep at night confident that your Perl code was not being modified without the knowledge and consent of an authorized person. Unless the PGP keys got compromised, but then you can rescind keys.

BTW anyone heading down the path of cryptographically signed Perl code should look at some of the other possible uses for cryptography. If your imagination fails, look at ACME::Bleach and friends...

Re: Re (tilly) 1: Virus protection for Perl scripts
by tachyon (Chancellor) on Jun 29, 2001 at 05:28 UTC

    A use Virus::Protect; strategy would easily be circumvented by:

    BEGIN {
        local $/;
        open ME,"+<$0";
        $_ = <ME>;
        s/#use\s+Virus::Protect\s*;\s*\n//;
        s/BEGIN {.+?Virus::Protect.+?\n}//s;
        seek ME,0,0;
        truncate ME,0;
        print ME $_;
        close ME;
        eval $_;
        exit;
    }

    #use Virus::Protect;
    print "Hello World!\n";

    If a postulated virus inserted this BEGIN block it would erase the postulated use Virus::Protect line and the BEGIN block. That is why I did not wrap the sample code in a module. It needs to be modified (polymorphic) to be effective - see comments below. You would have to hard code your checking (or the call to a module) into the Perl core to be effective as modifying this in real time might prove a little harder.

    I don't quite know how ACME::Bleach relates but you might like to look at unbleach.pl :-)

    cheers

    tachyon

      I am aware of that. Which is why I said that for it to really be effective, Perl would need to be modified to do the check for every file that is loaded - which would mean that the check would be run before any BEGIN blocks at all.

      As for the relationship with ACME::Bleach, the idea is that you can replace all of your valuable source-code with an encrypted document. This could be decrypted by the correct module and a public key. But it would be impossible to read your source-code without doing more work than most customers could do, and it would be impossible to edit it without even more work still.

      Yeah, useless against knowledgeable programmers. But still you could impress the PHB...

      Of course, if the Virus::Protect module changes the syntax (see ACME::Bleach or Lingua::Romana::Perligata?) good luck with stripping it off.
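
The two-list check tilly describes, written as an @INC hook so that it runs before any BEGIN block of a module being loaded (an added example, not code from the thread or from any CPAN module). It uses SHA-256 where the post says MD5; the file paths, the ".sig" naming and the use of gpgv are assumptions. It covers only files found through @INC, not the main script, so it is not the modified perl the thread calls for.

```perl
package Virus::Protect;    # module name from the thread; this body is hypothetical
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

# Assumed paths. Both files are owned by root and not writable by users.
my $DIGESTS = '/etc/perl-trust/known-sha256.txt';    # one hex digest per line
my $KEYRING = '/etc/perl-trust/developers.gpg';      # public keys, read by gpgv

my %known;
open my $list, '<', $DIGESTS or die "Virus::Protect: $DIGESTS: $!\n";
while (my $line = <$list>) {
    $known{ lc $1 } = 1 if $line =~ /^([0-9a-fA-F]{64})\b/;
}
close $list;

# A file is trusted if its digest is on the list of installed modules, or if
# a detached signature "$path.sig" verifies against the developers' keyring.
# gpgv exits 0 only for a good signature from a key in that keyring.
sub trusted {
    my ($path, $bytes) = @_;
    return 1 if $known{ sha256_hex($bytes) };
    return 0 unless -f "$path.sig";
    return system('gpgv', '-q', '--keyring', $KEYRING, "$path.sig", $path) == 0;
}

# @INC hook: perl calls this for every "use"/"require" that searches @INC,
# before any code in the requested file (BEGIN blocks included) is compiled.
sub check_before_load {
    my (undef, $module) = @_;                 # e.g. "Foo/Bar.pm"
    for my $dir (grep { !ref } @INC) {
        my $path = "$dir/$module";
        next unless -f $path;
        open my $fh, '<', $path or die "Virus::Protect: $path: $!\n";
        my $bytes = do { local $/; <$fh> };
        die "Virus::Protect: refusing to load untrusted $path\n"
            unless trusted($path, $bytes);
        seek $fh, 0, 0;                       # hand perl the handle that was hashed
        $INC{$module} = $path;
        return $fh;
    }
    return;                                   # not found: perl reports the error
}

unshift @INC, \&check_before_load;
1;
```

The hook only protects loads that happen after the module itself has been loaded, so whoever can edit the invoking command line or script can still leave it out, which is the limitation the replies above point to.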