the reference to rm -rf's at the bottom of an obfuscation made me think twice before running it
If an obfuscator wanted to zap you like that, he'd
probably obfuscate the rm -rf somehow. You'd have
no warning unless you de-obfuscated the code before
running it, or read comments by others who either
de-obfuscated it or got bitten. There are an
infinite number of ways to obfuscate code, as I'm
sure you're aware if you follow this section closely.
is to keep an unprivileged account around for running
untrusted code. I'm generally not a big advocate of
unprivileged accounts; for normal, everyday use I feel
that they cause more inconvenience than they're
However, for running untrusted code, or code that
processes untrusted data from the internet (especially,
any kind of server code), an unprivileged account can
save you a lot of grief. If you don't trust an obfu
(or whatever other code you don't trust) run it as a
user with no privileges, no access to your home
directory with your data.
That said, I'll admit that with obfuscations on
Perlmonks I often don't bother, especially if there
are already positive comments by monks whose names
I recognize. I haven't been bitten yet...
I say this not to persuade anyone that it's true, nor
to start an argument about it (I'm tired of that
argument, believe me), but to point out that even
someone who holds this view, such as myself, still
sees the value of an unprivileged account for running
untrusted code. Where you draw the line in terms of
what software you choose to trust is another matter.
split//,".rekcah lreP rehtona tsuJ";$\=$ ;->();print$/