Beefy Boxes and Bandwidth Generously Provided by pair Networks
Welcome to the Monastery

Re: (tye)Re: Immoral?

by andreychek (Parson)
on Jun 27, 2001 at 19:55 UTC ( #91951=note: print w/replies, xml ) Need Help??

in reply to (tye)Re: Immoral?
in thread Morality of posting Perl "virus" code?

I do agree -- having a Perl virus developed may be hazardous. However, I also feel there are two sides of the story.

Virii have been a problem for some time, and have been developed in all sorts of languages. There are already PHP viruses. With that in mind, it would seem likely that eventually, someone would write a virus in Perl, it's just a matter of when.

I don't feel that security by "ignoring it and hoping it goes away" would be a good long term solution. Is there anything that could ever be done to prevent a Perl virus from running? I don't really know. However, I would much rather have this opportunity to discuss the matter with the reasonable, intelligent people who frequent this site (not to be confused with "reasonably intelligent people", found at various other sites ;-), then run around trying to clean up the mess after it happens in the future, and THEN having this discussion :-)

So opening things wide open -- is there anything that could be done with Perl to prevent a Perl virus from doing damage? It seems extremely difficult, and I don't know any other language that has figured out a way around this. But if any language could develop a system to aid in prevention, it would be Perl!

tye, I'm not dissagreeing with you per-se. I suppose that I just feel that since it's going to happen anyway, that perhaps it would be easier to attempt to deal with the issue now. I'm just glad it was a monk offering code up for review, and not one of my users trying it out on my system. But perhaps this should be a non-public discussion -- I'll leave that up to you guys :-)

Update: BTW, is there a system for non-public discussion on this site? Password protected forums, forums that require a particular level, etc?

Update 2: After seeing lemming's post, I changed all referenced of "virii" to "viruses", which is apparently the correct usage. Thanks Lemming :-)

Replies are listed 'Best First'.
Re: Re: (tye)Re: Immoral?
by enoch (Chaplain) on Jun 27, 2001 at 20:08 UTC
            Is there anything that could ever be done to prevent a Perl virus from running?

    Well, I would like to offer my suggestions.
    • Make an unprivileged user and call it "scriptGuy" or something
    • Remove all of that users privileges everywhere, and I mean EVERYWHERE.
    • Begin restoring privileges to that user on a need-by-need basis until it becomes a semi-usable account
    • Run all scripts as that user
    • Never run code found in the wild without understanding it or, at least, trusting the source from which it came
        Now, this discussion is going to easily turn into a general discussion on computer security (i.e. shut off ftp and telnet, use ipchains, etc., etc.). But, that might not be such a bad discussion to have.

(tye)Re2: Immoral?
by tye (Sage) on Jun 27, 2001 at 20:00 UTC

    To clarify, discussing viruses and even producing a virus can be important research. Releasing the code to the world as part of the research is a big mistake in my book. It is the inclusion of the code that I object to, especially in a public place such as this.

    And I'm not claiming that hiding this one bit of code will stop the creation of viruses. I am worried that not hiding it could cause the creation of a virus. That is, speed up the creation of a virus or increase the number of such viruses.

    This is not a security measure. This is a moral decision to not contribute to the creation of a virus. Sure, think about it and talk about it, but don't hand out seeds to the world. Sure, some virus will probably come along eventually but I don't want to have had a hand in its developoment!


            - tye (but my friends call me "Tye")

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://91951]
[LanX]: but but but ... the errors are nicely formatted!
[tye]: 1) The python stack traces show you the names of variables, not the values of variables. Almost never informative.
[LanX]: do you have a py job now?
[tye]: Right now I have errors trying to fetch stuff from graphite. It says 'apps not ready, check startup logs'. I eventually find the startup logs and see 'no apps found'. Looking for fixes to this problem...
[LanX]: no idea ... ask py monks! ;-p
[tye]: it turns out that this can be caused by almost anything going wrong. If you want to know what caused the problem, you have to try to load each app by-hand to see what problems it is having, because none of those will be logged.
[tye]: No, I write more Perl than py at work. But I have to deal with plenty of py things.
[tye]: py monks would just be offended.
[Corion]: ;)
[Corion]: Hi tye btw ;)

How do I use this? | Other CB clients
Other Users?
Others lurking in the Monastery: (7)
As of 2017-09-21 20:11 GMT
Find Nodes?
    Voting Booth?
    During the recent solar eclipse, I:

    Results (252 votes). Check out past polls.