The way the question is posted smacks of either poor intents, or, even worse, a homework assignment.
And you care if it's a homework assignment, why? Because someone is willingly allowing you to sabotage their education? Who cares, less competition for your job (which is a good thing for you if you think that Perl program is a major security threat). Or maybe because someone else will read the thread and learn in the process? Or that, when you're replying to the post, someone corrects an error of yours and you learn something new because of it? Gee, those homework questions sure do damage...
If this 'harmless' script gets executed with enough access, it could bring a server to its knees by filling it up.
If they have the privileges to execute this script and have malicious intents, they can do far, far worse than fill up some disk space. Worry about the privilege escalation first, then worry about more damaging options. After you've solved those, you can worry about filling up disk space.
If it was simply research, why the need to double itself in size? If its simply research, the problem is creating a persistant program that runs itself over and over.
Because that's the first thing that popped into his or her head? Because he wanted to learn more about the language and operating system he or she was using and decided this might be a good way? Maybe the goal was to test a new security tool.
I'd like to ask first ... how is this indicitave of "much worse will happen"?
Because far more damaging tools already exist. Because thousands and thousands of people know how to cause massive damage on a widespread scale. Unless people start getting a clue about these threats, we're going to problems that make every incident to date look like harmless pranks. By claiming that something like this poses a security threat, you trivialize the real threats and make people feel safe.
Anyways, these problems aren't going to be solved on "Perl Monks" so I'll be on my merry way now. Later.
| [reply] |